[rootshell] Security Bulletin #25
Dan Watts
dwatts at vitts.com
Tue Nov 3 15:11:12 UTC 1998
At 09:04 AM 11/3/98 -0500, Joe Loiacono wrote:
>At 09:44 PM 11/2/98 -0800, Roeland M.J. Meyer wrote:
>>
>>We plopped v1.2.21 into production over a year (Aug97) ago. We use the
>>F-secure WinNT client. We have not seen compelling reason to upgrade.
>>Insignificat additional features and huge risk that our WinNT clients would
>>also have to be upgraded. I am not aware of published exploits against this
>>version, or higher, of SSH.
>>
>
>Right. The kicker for me has been that i can't get a V1 client to work with
>V2 sshd (and BTW i can't get a V2 client to work with V1 sshd). So this
>would mean a wholesale upgrade of all clients, including Windex ones...
>
>Joe Loiacono Phone: (301) 794-2509
>Computer Sciences Corporation Fax: (301) 794-9530
We've currently got F-secure WinNT client v1.1 installed on our PCs.
We also have both ssh V1 and V2 installed on Unix servers. The V2
sshd recognizes V1 connections and passes them off to the V1 sshd.
The trick I had to stumble on is that you have to have both V1 sshd
and V2 sshd installed, with V2 sshd running as the default ssh.
Connections from a V2 ssh likewise will pass the outgoing connection
off to the V1 ssh if the remote server is a V1 server. Again, you
have to have both V1 and V2 clients installed to make this work.
Dan
--
Dan Watts
Vitts Networks
dwatts at vitts.com
More information about the NANOG
mailing list