Stephan:
> Peter Clifton <pc...@cam.ac.uk> writes:
> > On Sun, 2011-02-20 at 10:36 +0100, Karl Hammar wrote:
...
> >> Don't you know that protocol version 1 is vulnerable to a
> >> man-in-the-middle attack?
> >
> > No, I didn't know that.
> >
> > Does it require a different type of key to be generated and used, or
> > just removing that option to become secure again?

Specify v.2 in your sshd_config, and generally turn off (just in case)
all v.1 protocol stuff as in:

 Protocol 2
 RhostsRSAAuthentication no
 RSAAuthentication no

Use rsa or dsa in your ssh-keygen:

$ man ssh-keygen | grep -A 3 -e '-t type$'
     -t type
             Specifies the type of key to create.  The possible values are
             ``rsa1'' for protocol version 1 and ``rsa'' or ``dsa'' for proto-
             col version 2.

> id_rsa is a version 2 key.

True.

> The RSAAuthentication may be used for version 1 only, but that does not
> mean specifying it makes ssh use version 1.

True, but there is no reason for it to be there.

> Do "ssh -v git.gpleda.org" to see which version is used.  Most default
> sshd installations do not permit protocol version 1.

Can't test that:

$ ssh -v git.gpleda.org
OpenSSH_5.1p1 Debian-5, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to git.gpleda.org [97.107.141.5] port 22.
debug1: connect to address 97.107.141.5 port 22: Connection refused
ssh: connect to host git.gpleda.org port 22: Connection refused
$

Regards,
/Karl Hammar

-----------------------------------------------------------------------
Aspö Data
Lilla Aspö 148
S-742 94 Östhammar
Sweden
+46 173 140 57
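An added example, not part of the original message or of any OpenSSH tooling: a small check for the three sshd_config settings named above, plus a classifier for the identification line a server sends (the version that "ssh -v" reports). It assumes an OpenSSH release old enough to still ship protocol 1 code, like the 5.1 client in the thread; the function names and sample inputs are constructed for illustration.

```python
import re

V1_AUTH_OPTIONS = ("rhostsrsaauthentication", "rsaauthentication")

# Constructed sample, not a config from the thread.
SAMPLE = "# constructed example\nProtocol 2,1\nRSAAuthentication yes\nProtocol 2\n"

def effective_settings(config_text):
    """Map lower-cased keyword -> (line number, value); sshd uses the first value it reads."""
    settings = {}
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if parts[0].lower() == "match":
            break  # assumption: conditional Match blocks are out of scope here
        if len(parts) == 2:
            settings.setdefault(parts[0].lower(), (lineno, parts[1].strip()))
    return settings

def audit(config_text):
    """Return findings for settings that leave SSH protocol 1 reachable."""
    s = effective_settings(config_text)
    findings = []
    if "protocol" not in s:
        findings.append("Protocol is not set; add 'Protocol 2'")
    else:
        lineno, value = s["protocol"]
        if {v.strip() for v in value.split(",")} != {"2"}:
            findings.append(f"line {lineno}: Protocol {value} allows version 1")
    for opt in V1_AUTH_OPTIONS:
        if opt in s and s[opt][1].lower() != "no":
            findings.append(f"line {s[opt][0]}: {opt} is '{s[opt][1]}'; set it to 'no'")
    return findings

def banner_protocols(banner):
    """Classify the 'SSH-protoversion-software' line a server sends first."""
    m = re.match(r"SSH-(\d+\.\d+)-", banner)
    if not m:
        return "not-ssh"
    if m.group(1) == "2.0":
        return "v2-only"
    if m.group(1) == "1.99":
        return "v1-and-v2"  # 1.99 is how a server advertises both versions
    return "v1-only" if m.group(1).startswith("1.") else "unknown"

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
    print(banner_protocols("SSH-1.99-OpenSSH_5.1p1 Debian-5"))  # constructed banner
```

In the sample, the later "Protocol 2" line does not help, because the earlier "Protocol 2,1" is the value sshd keeps.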