Re: SSH 1 Why?

From: Iván Arce (core.lists.bugtraq@CORE-SDI.COM)
Date: Thu Dec 16 1999 - 10:28:48 PST

    Emiel Kollof wrote:
    
    > Emiliano Kargieman wrote:
    > >
    > > What you are missing is the following: upgrading to SSH 2 implies upgrading to
    > > version 2 of the protocol, in order to prevent the abovementioned problem you
    > > can no longer support compatibility with version 1.x of the protocol. So you
    > > have to update all your SSH servers and clients.
    >
    > Not true. If you have ssh1 installed, and you compile ssh2, ssh2
    > maintains version1 protocol compatibility, which means you can still
    > connect to a ssh2 sshd with a ssh1 client.
    >
    
    Yes, but that's exactly what you DON'T want.
    Protocol version 1 (note that I said protocol, not ssh) has the problem
    that Emiliano was referring to, besides being much more modular and clean.
    
    If you are really concerned about security you don't want backwards
    compatibility with a flawed protocol. Therefore, your SSH2 servers shouldn't
    allow v1 connections, therefore you should upgrade the clients as well.
    
    This reminds me of the issues related to MS NT and MS win95 authentication...
    
    -ivan
    
    
    --
    "Understanding. A cerebral secretion that enables one having it to know
     a house from a horse by the roof on the house.
     Its nature and laws have been exhaustively expounded by Locke,
     who rode a house, and Kant, who lived in a horse." - Ambrose Bierce
    
    
    ==================[ CORE Seguridad de la Informacion S.A. ]=========
    Iván Arce
    Presidente
    PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836  B25D 207B E78E 2AD1 F65A
    email   : iarce@core-sdi.com
    http://www.core-sdi.com
    Pte. Juan D. Peron 315 Piso 4 UF 17
    1038 Capital Federal
    Buenos Aires, Argentina.              Tel/Fax : +(54-11) 4331-5402
    Casilla de Correos 877 (1000) Correo Central
    =====================================================================
    
    
    
    --- For a personal reply use iarce@core-sdi.com
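
An added example, not part of the original message: one way to audit which servers still accept protocol version 1, by classifying the identification line each server sends on connect (a version 2 server with version 1 compatibility enabled announces protocol version "1.99"). The host names, software names and greetings below are constructed for illustration.

```python
import re

# Identification line: SSH-<protoversion>-<softwareversion>[ comments]
_IDENT = re.compile(r"^SSH-(\d+)\.(\d+)-(\S+)")

def classify_greeting(greeting):
    """Classify the text a server sends on connect; returns (verdict, software)."""
    # A server may send other lines before its identification line, so scan for it.
    for line in greeting.splitlines():
        m = _IDENT.match(line)
        if not m:
            continue
        major, minor, software = int(m.group(1)), int(m.group(2)), m.group(3)
        if (major, minor) == (1, 99):
            # "1.99" is how a version 2 server advertises protocol 1 compatibility.
            return ("v2-with-v1-fallback", software)
        if major == 1:
            return ("v1-only", software)
        if major >= 2:
            return ("v2-only", software)
        return ("unknown", software)
    return ("no-ssh-ident", None)

def hosts_accepting_v1(greetings):
    """Return the sorted hosts whose greeting shows protocol 1 is still accepted."""
    flagged = {"v1-only", "v2-with-v1-fallback"}
    return sorted(h for h, g in greetings.items()
                  if classify_greeting(g)[0] in flagged)

# Constructed sample greetings (hypothetical hosts and software names).
SAMPLE = {
    "legacy.example": "SSH-1.5-example_sshd1\n",
    "compat.example": "SSH-1.99-example_sshd2\n",
    "strict.example": "Authorized use only\r\nSSH-2.0-example_sshd2 patched\r\n",
    "mail.example": "220 mail.example ESMTP\r\n",
}

if __name__ == "__main__":
    for host in sorted(SAMPLE):
        print(host, classify_greeting(SAMPLE[host])[0])
    print("still accepting v1:", hosts_accepting_v1(SAMPLE))
```
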
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:21:35 PDT