> according to packages.debian.org/ssh2 there is no ssh2 package
> available for potato/stable.
>
> i suppose this is a conundrum for the developers -- normally
> security fixes are beamed back to potato in a hurry, but ssh
> (version 1) has security troubles, and to fix them would
> introduce a new package (ssh2) which is against 'stable'
> policy...
>
> what's the fix for a potato production server? can ssh2 be had
> from nonstandard apt sources for potato?

If you want to avoid protocol version 1, you can get and build the
openss[lh] sources from testing and install the binaries. It worked for
me on Oct. 20th:

# dpkg -i /usr/local/src/DEB-SRC/openssl/openssl_0.9.6b-2_i386.deb
# dpkg -i /usr/local/src/DEB-SRC/openssl/libssl0.9.6_0.9.6b-2_i386.deb
# dpkg -i /usr/local/src/DEB-SRC/openssl/libssl-dev_0.9.6b-2_i386.deb
# dpkg -i /usr/local/src/DEB-SRC/openssh/ssh_2.9p2-6_i386.deb

HTH
Stony
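
A follow-up check for the upgrade described above, added here as an example and not part of the original message: the server's identification string and the first active `Protocol` line in sshd_config show whether protocol version 1 is still offered. The function names and sample banners are constructed for illustration; treating an absent `Protocol` line as v1-enabled is an assumption about the compiled-in default.

```shell
#!/bin/sh
# Added example: confirm that an upgraded sshd no longer offers protocol 1.

# classify_banner BANNER
# The server sends an identification string "SSH-<protoversion>-<software>"
# as its first line. 1.99 means "protocol 2, with protocol 1 compatibility".
classify_banner() {
    case "$1" in
        SSH-1.99-*) echo "v1+v2" ;;    # must be tested before the SSH-1.* case
        SSH-2.0-*)  echo "v2-only" ;;
        SSH-1.*-*)  echo "v1-only" ;;
        *)          echo "unknown" ;;
    esac
}

# protocol_setting FILE
# Prints the value of the first uncommented "Protocol" keyword in an
# sshd_config-style file (the first occurrence of a keyword is the one used),
# or "unset" if there is none.
protocol_setting() {
    awk 'tolower($1) == "protocol" { print $2; found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# config_allows_v1 FILE
# Returns 0 (true) if the configuration still permits protocol 1.
config_allows_v1() {
    case ",$(protocol_setting "$1")," in
        *,1,*)   return 0 ;;   # e.g. "Protocol 2,1" or "Protocol 1"
        ,unset,) return 0 ;;   # assumption: compiled default still offers v1
        *)       return 1 ;;   # e.g. "Protocol 2"
    esac
}

# Constructed sample banners, not captured from a real host.
for banner in "SSH-1.99-OpenSSH_2.9p2" "SSH-2.0-OpenSSH_2.9p2" "SSH-1.5-1.2.27"; do
    printf '%-28s %s\n' "$banner" "$(classify_banner "$banner")"
done
```

A banner classified as `v1+v2` after the upgrade means the new package is installed but protocol 1 is still enabled; `Protocol 2` in sshd_config followed by an sshd restart is what turns it off.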