Re: can't turn off ssh password access on my new solaris box



"NKG" == Nico Kadel-Garcia <nkadel@xxxxxxxxxxx> writes:

>> Good point. I try to forget that SSH-1 exists. :)

NKG> Richard, are we anywhere near the point where SSH 1 should be
NKG> disabled by default in sshd_config? I'm under the impression that
NKG> it's really fallen out of favor: I haven't used it in years
NKG> except by accident.

I think so, unless there's some specific need for it; certainly if it's
for use by/inside your own organization. If you're an ISP or other entity
like, say, anonymizer.com, then perhaps you still want to leave it on to
accomodate your more archaic customers. Or, if you think your associates
may have to log in from random locations with whatever SSH client they can
find -- although of course, there are bigger problems with that than your
choice of protocol. And, SSH-1 is especially to be avoided in such a
case, since its weak key exchange allows the client to force an insecure
session key.

--
Richard Silverman
res@xxxxxxxx

.



Relevant Pages