On (25/06/02 17:38), Rick Moen didst pronounce:
>> Well, I haven't yet tested using either RSA or DSA keypairs, but
> version-1.5 protocol support definitely is OK (per my tests using
> "ssh -v -1 hostname". I'll test using keypairs next, I guess.
>It works fine using the -1 switch to ssh according to
http://www.debian.org/security/2002/dsa-134 -- problem here was that it
was set in the config to use version one for this particular machine,
but it seemed to be ignored. Whatever the problem, using protocol 2 keys
seems to have sorted it out.
> What a pain in the neck this is turning out to be, eh?
>Agreed. I've been left second guessing implementing privsep all day
(though I haven't had any problems yet, apart from a few people asking
why compression is disabled). I saw the mail saying someone had found a
root sploit with privsep enabled, but have heard nothing else about it.
I don't know whether to believe it or not. But, it kinda leaves you with
either a root sploit without privsep or a possible one with it. I like the
idea of privsep and haven't had any problems with it so far, so I think
I'll be leaving it enabled for the time being.
By the way, just for information purposes, we're running kernel 2.2.20
on debian with openssh installed using apt-get from testing. I haven't
tried compression yet.
--
Chat ya later,
John.
--
BOFH excuse #84: Someone is standing on the ethernet cable, causeing a kink in the cable
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
