Don't panic (ssh)

2002-01-14 Thread Jacques Lav!gnotte
Good Morning, While you are talking about ssh issues... >From my log : Jan 13 09:50:58 news sshd[897]: scanned from 216.78.148.184 with +SSH-1.0-SSH_Version_Mapper. Don't panic. Jan 13 09:50:58 news sshd[896]: Did not receive identification string from +216.78.148.184 Should I really Not Pa

Don't panic (ssh)

2002-01-14 Thread Jacques Lav!gnotte
Good Morning, While you are talking about ssh issues... >From my log : Jan 13 09:50:58 news sshd[897]: scanned from 216.78.148.184 with +SSH-1.0-SSH_Version_Mapper. Don't panic. Jan 13 09:50:58 news sshd[896]: Did not receive identification string from +216.78.148.184 Should I really Not Pan

Re: Don't panic (ssh)

2002-01-14 Thread Thomas Seyrat
Jacques Lav!gnotte wrote: > Jan 13 09:50:58 news sshd[897]: scanned from 216.78.148.184 with > +SSH-1.0-SSH_Version_Mapper. Don't panic. > Jan 13 09:50:58 news sshd[896]: Did not receive identification string from > +216.78.148.184 > Should I really Not Panic ? :) Not if your SSH daemon is up

Re: Don't panic (ssh)

2002-01-14 Thread Iain Tatch
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 14 January 2002 at 10:35:17 Thomas Seyrat wrote: TS> Not if your SSH daemon is up to date :-) Is the SSHD in the latest potato fully up-to-date, though? I am a very recent convert to Debian, having been an avid Slackware fan for the last seven

Re: Don't panic (ssh)

2002-01-14 Thread crispin
On Mon, Jan 14, 2002 at 11:07:38AM +, Iain Tatch wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 14 January 2002 at 10:35:17 Thomas Seyrat wrote: > > TS> Not if your SSH daemon is up to date :-) > > Is the SSHD in the latest potato fully up-to-date, though? I am a very > r

Re: Don't panic (ssh)

2002-01-14 Thread Iain Tatch
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 14 January 2002 at 11:48:34 [EMAIL PROTECTED] wrote: >> Have I missed something and was I already OK, or is the current stable >> potato release shipping with a potential ssh security hole? > AFAIK, all SSH1 connections are vulnerable to the CR

Re: Don't panic (ssh)

2002-01-14 Thread Daniel Polombo
Iain Tatch wrote: > >>AFAIK, all SSH1 connections are vulnerable to the CRC32 attack. Thus you need >>to use SSH2 protocol. OpenSSH supports SSH2. You need different keys though, >>as SSH2 so far does not support RSA keypairs and needs DSA keys. >> > That's the impression I was under, too. In

RE: Don't panic (ssh)

2002-01-14 Thread Craigsc
How do you disable ssh1 protocol with the current ssh on potato ?> ..Craig -Original Message- From: Daniel Polombo [mailto:[EMAIL PROTECTED]] Sent: Monday, January 14, 2002 2:45 PM To: Iain Tatch Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: Don't panic (ssh) Iain Tat

Re: Don't panic (ssh)

2002-01-14 Thread Tim Haynes
"Craigsc" <[EMAIL PROTECTED]> writes: > How do you disable ssh1 protocol with the current > ssh on potato ?> I don't think you have to. See . Or have I really been so asleep as not to notice a major "thou shalt not use ssh1 even though we applied all

Re: Don't panic (ssh)

2002-01-14 Thread Iain Tatch
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 14 January 2002 at 13:05:57 Craigsc wrote: > How do you disable ssh1 protocol with the current > ssh on potato ?>> I may be very wrong here as I've only been using Debian for 3 days now, but as far as I can see the current sshd on potato only sup

RE: Don't panic (ssh)

2002-01-14 Thread Denny Fox
> -Original Message- > From: Craigsc [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 14, 2002 7:06 AM > To: Debian-Security; Daniel Polombo > Subject: RE: Don't panic (ssh) > > > How do you disable ssh1 protocol with the current > ssh on potato ?> &g

Re: Don't panic (ssh)

2002-01-14 Thread Glenn McGrath
On Mon, 14 Jan 2002 13:10:08 + "Tim Haynes" <[EMAIL PROTECTED]> wrote: > "Craigsc" <[EMAIL PROTECTED]> writes: > > > How do you disable ssh1 protocol with the current > > ssh on potato ?> > > I don't think you have to. See > . > I dont know abo

Re: Don't panic (ssh)

2002-01-14 Thread Christian Kurz
On 14/01/02, [EMAIL PROTECTED] wrote: > AFAIK, all SSH1 connections are vulnerable to the CRC32 attack. Thus > you need to use SSH2 protocol. OpenSSH supports SSH2. You need > different keys though, as SSH2 so far does not support RSA keypairs > and needs DSA keys. OpenSSH supports both, RSA and

Re: Don't panic (ssh)

2002-01-14 Thread Will Aoki
On Mon, Jan 14, 2002 at 12:17:15PM +, Iain Tatch wrote: > On 14 January 2002 at 11:48:34 [EMAIL PROTECTED] wrote: > > >> Have I missed something and was I already OK, or is the current stable > >> potato release shipping with a potential ssh security hole? > > > AFAIK, all SSH1 connections

Re: Don't panic (ssh)

2002-01-14 Thread crispin
On Mon, Jan 14, 2002 at 11:07:38AM +, Iain Tatch wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 14 January 2002 at 10:35:17 Thomas Seyrat wrote: > > TS> Not if your SSH daemon is up to date :-) > > Is the SSHD in the latest potato fully up-to-date, though? I am a very > r

Re: Don't panic (ssh)

2002-01-14 Thread Thomas Seyrat
Jacques Lav!gnotte wrote: > Jan 13 09:50:58 news sshd[897]: scanned from 216.78.148.184 with > +SSH-1.0-SSH_Version_Mapper. Don't panic. > Jan 13 09:50:58 news sshd[896]: Did not receive identification string from > +216.78.148.184 > Should I really Not Panic ? :) Not if your SSH daemon is up t

Re: Don't panic (ssh)

2002-01-14 Thread Iain Tatch
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 14 January 2002 at 10:35:17 Thomas Seyrat wrote: TS> Not if your SSH daemon is up to date :-) Is the SSHD in the latest potato fully up-to-date, though? I am a very recent convert to Debian, having been an avid Slackware fan for the last seven y

Re: Don't panic (ssh)

2002-01-14 Thread crispin
On Mon, Jan 14, 2002 at 11:07:38AM +, Iain Tatch wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 14 January 2002 at 10:35:17 Thomas Seyrat wrote: > > TS> Not if your SSH daemon is up to date :-) > > Is the SSHD in the latest potato fully up-to-date, though? I am a very > re

Re: Don't panic (ssh)

2002-01-14 Thread Iain Tatch
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 14 January 2002 at 11:48:34 [EMAIL PROTECTED] wrote: >> Have I missed something and was I already OK, or is the current stable >> potato release shipping with a potential ssh security hole? > AFAIK, all SSH1 connections are vulnerable to the CRC

Re: Don't panic (ssh)

2002-01-14 Thread Daniel Polombo
Iain Tatch wrote: AFAIK, all SSH1 connections are vulnerable to the CRC32 attack. Thus you need to use SSH2 protocol. OpenSSH supports SSH2. You need different keys though, as SSH2 so far does not support RSA keypairs and needs DSA keys. That's the impression I was under, too. In which ca

RE: Don't panic (ssh)

2002-01-14 Thread Craigsc
How do you disable ssh1 protocol with the current ssh on potato ?> ..Craig -Original Message- From: Daniel Polombo [mailto:[EMAIL PROTECTED] Sent: Monday, January 14, 2002 2:45 PM To: Iain Tatch Cc: [EMAIL PROTECTED]; debian-security@lists.debian.org Subject: Re: Don't panic (ssh

Re: Don't panic (ssh)

2002-01-14 Thread Tim Haynes
"Craigsc" <[EMAIL PROTECTED]> writes: > How do you disable ssh1 protocol with the current > ssh on potato ?> I don't think you have to. See . Or have I really been so asleep as not to notice a major "thou shalt not use ssh1 even though we applied all

Re: Don't panic (ssh)

2002-01-14 Thread Iain Tatch
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 14 January 2002 at 13:05:57 Craigsc wrote: > How do you disable ssh1 protocol with the current > ssh on potato ?>> I may be very wrong here as I've only been using Debian for 3 days now, but as far as I can see the current sshd on potato only supp

RE: Don't panic (ssh)

2002-01-14 Thread Denny Fox
> -Original Message- > From: Craigsc [mailto:[EMAIL PROTECTED] > Sent: Monday, January 14, 2002 7:06 AM > To: Debian-Security; Daniel Polombo > Subject: RE: Don't panic (ssh) > > > How do you disable ssh1 protocol with the current > ssh on potato ?> &g

Re: Don't panic (ssh)

2002-01-14 Thread Glenn McGrath
On Mon, 14 Jan 2002 13:10:08 + "Tim Haynes" <[EMAIL PROTECTED]> wrote: > "Craigsc" <[EMAIL PROTECTED]> writes: > > > How do you disable ssh1 protocol with the current > > ssh on potato ?> > > I don't think you have to. See > . > I dont know abou

Re: Don't panic (ssh)

2002-01-14 Thread Christian Kurz
On 14/01/02, [EMAIL PROTECTED] wrote: > AFAIK, all SSH1 connections are vulnerable to the CRC32 attack. Thus > you need to use SSH2 protocol. OpenSSH supports SSH2. You need > different keys though, as SSH2 so far does not support RSA keypairs > and needs DSA keys. OpenSSH supports both, RSA and

Re: Don't panic (ssh)

2002-01-14 Thread Will Aoki
On Mon, Jan 14, 2002 at 12:17:15PM +, Iain Tatch wrote: > On 14 January 2002 at 11:48:34 [EMAIL PROTECTED] wrote: > > >> Have I missed something and was I already OK, or is the current stable > >> potato release shipping with a potential ssh security hole? > > > AFAIK, all SSH1 connections

Re: Don't panic (ssh)

2002-01-14 Thread crispin
On Mon, Jan 14, 2002 at 11:07:38AM +, Iain Tatch wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 14 January 2002 at 10:35:17 Thomas Seyrat wrote: > > TS> Not if your SSH daemon is up to date :-) > > Is the SSHD in the latest potato fully up-to-date, though? I am a very > re