Sorry the advisory that I remembered seeing was this one not the one listed below but both seem to have some relevance.
http://www.cert.org/advisories/CA-2001-35.html Ken -----Original Message----- From: Jeff Newmiller [mailto:[EMAIL PROTECTED]]On Behalf Of Jeff Newmiller Sent: Sunday, December 16, 2001 1:19 AM To: Ken Cc: Leaf User Support List Subject: Re: [Leaf-user] OpenSSH Solved - was "Dachstien Documentation Idiosyncrasies" On Sat, 15 Dec 2001, Ken wrote: [...] > I find it interesting that OpenSSH works with Putty when > they explicitly say on their website that they do NOT > support OpenSSH unless Jacques Nilo's version of OpenSSH > just degrades itself to use ssh v1 or v2 when attaching from > Putty. It may be that we are not getting all the features > of OpenSSh we think we are getting. Don't know, and in my > case (closed internal network no ssh from external) I don't > really care. It is more of a learning experience then a > necessity for me. Still interested if the CIAC bulletin has > caught anyone's attention to check if we have a security > hole. The website is > http://www.ciac.org/ciac/bulletins/m-026.shtml Well, a) you would have to be using multiple logins (which I think is true with weblet) b) an untrusted person would have to know or be able to set the password for that account. They rate it medium. For LEAF, I think it looks even less critical. I think it is more important to not use login access from outside your LAN at all anyway. If you want to come in from outside, use public-key access. > The exact verbiage from the Putty website (could just be an > out of date FAQ - hey, how often could that happen?) > http://www.chiark.greenend.org.uk/~sgtatham/putty/faq.html#A > .1.2 > A.1.2 Does PuTTY support reading OpenSSH or ssh.com SSHv2 > private key files? > Not at present. OpenSSH and ssh.com have totally different > formats for private key files, and neither one is > particularly pleasant, so PuTTY has its own. We do plan to > write a converter at some stage. Seems pretty clear to me. They don't support the file format for OpenSSH private key files. That would mean... don't try to create a v2 private key file using OpenSSH and transfer it to a Winbox and expect to be able to use it with Putty. Says nothing about compatibility with v1 private key files, or with on-the-wire public key exchanges. ------------------------------------------------------------ --------------- Jeff Newmiller The ..... ..... Go Live... DCN:<[EMAIL PROTECTED]> Basics: ##.#. ##.#. Live Go... Live: OO#.. Dead: OO#.. Playing Research Engineer (Solar/Batteries O.O#. #.O#. with /Software/Embedded Controllers) .OO#. .OO#. rocks...2k ------------------------------------------------------------ --------------- _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
