Re: [Fed-Talk] Disabling sslv2 on ssh
- Subject: Re: [Fed-Talk] Disabling sslv2 on ssh
- From: Roy Mendelssohn <email@hidden>
- Date: Mon, 23 Feb 2009 13:09:11 -0800
As Rex pointed out, ssh only has protocol up to version 2 AFAIK.
There is a version 3 protocol for sftp, but that is what is most
commonly used. Can you provide a URL to ssh-3?
-Roy
On Feb 23, 2009, at 12:41 PM, Losasso, Jonathan E IT3 CCG, N63 wrote:
Well that explains it, thanks for the quick responses!
Back to the problem that brought me to this. How would I go about disabling sslv2 completely and revert to v3 in leopard? I can't seem to find much documentation on it.
Thanks again.
-Jonathan
-----Original Message-----
From: Rex Sanders [mailto:email@hidden]
Sent: Monday, February 23, 2009 12:36
To: Losasso, Jonathan E IT3 CCG, N63; email@hidden
Subject: Re: [Fed-Talk] Disabling sslv2 on ssh
Jonathan,
sshd_config "Protocol" line specifies the SSH protocol version, not SSL protocol version. AFAIK, SSH does not use the SSL protocol at all.
SSH version 1 ("Protocol 1") has known design vulnerabilities and should not be used or allowed.
SSH version 2 ("Protocol 2") is the current standard. SSHv2 has one design vulnerability with certain widely used ciphering schemes ("CBC mode encryption"). The vulnerability is difficult to exploit, almost impossible to exploit quietly, and "can potentially allow an attacker to recover up to 32 bits of plaintext from an arbitrary block of ciphertext".
http://www.kb.cert.org/vuls/id/958563
Workaround - specify only CTR mode encryption. Some clients don't support CTR mode.
AFAIK, there is no SSH version 3 ("Protocol 3"), so I'm not surprised that specifying protocol 3 doesn't work.
Wikipedia has some of the history and details:
http://en.wikipedia.org/wiki/Ssh
-- Rex
At 12:04 PM -0800 2/23/09, Losasso, Jonathan E IT3 CCG, N63 wrote:
Anyone know how to force ssh to use sslv3 instead of v2 correctly?
When I change Protocol from 2 to 3 in sshd_config (/etc/sshd_config) I get an error when trying to ssh remotely into that machine (ssh email@hidden). What am I doing wrong?
Any input is appreciated, thank you!
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
**********************
"The contents of this message do not reflect any position of the U.S.
Government or NOAA."
**********************
Roy Mendelssohn
Supervisory Operations Research Analyst
NOAA/NMFS
Environmental Research Division
Southwest Fisheries Science Center
1352 Lighthouse Avenue
Pacific Grove, CA 93950-2097
e-mail: email@hidden (Note new e-mail address)
voice: (831)-648-9029
fax: (831)-648-8440
www: http://www.pfeg.noaa.gov/
"Old age and treachery will overcome youth and skill."
"From those who have been given much, much will be expected"
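The two settings discussed in the thread (allow only "Protocol 2", list only CTR-mode ciphers), checked against sshd_config text. This is an added example, not part of the original messages; the sample configs, function names and finding strings are constructed for illustration.

```python
import re

# Constructed sample, not taken from the thread: the "Protocol 3" edit the
# original poster tried, plus a cipher list mixing CBC and CTR modes.
SAMPLE_BAD = """\
# /etc/sshd_config (constructed example)
Port 22
Protocol 3
Ciphers aes128-cbc,3des-cbc,aes128-ctr
"""

# Constructed sample following the advice given in the thread.
SAMPLE_GOOD = """\
Protocol 2
Ciphers aes128-ctr,aes192-ctr,aes256-ctr
"""


def first_values(text):
    """Map lowercased keyword -> first value seen (sshd uses the first one)."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) == 2:
            seen.setdefault(parts[0].lower(), parts[1].strip())
    return seen


def audit(text):
    """Return a list of findings; an empty list means both checks passed."""
    cfg, findings = first_values(text), []
    proto, ciphers = cfg.get("protocol"), cfg.get("ciphers")
    if proto is None:
        findings.append("Protocol not set explicitly")
    for v in (proto or "").replace(",", " ").split():
        if v == "1":
            findings.append("Protocol 1 is allowed")
        elif v != "2":
            findings.append(f"Protocol {v} is not an SSH protocol version")
    if ciphers is None:
        findings.append("Ciphers not set explicitly")
    for c in (ciphers or "").replace(",", " ").split():
        if not c.endswith("-ctr"):
            findings.append(f"cipher {c} is not CTR mode")
    return findings
```

A missing Protocol or Ciphers line is reported rather than assumed safe, because the effective default depends on the installed sshd build.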