In regard to: Re: compile ssh1 with Kerberos support, Atro Tossavainen said...:
>Markus Friedl wrote:
>> On Thu, Aug 02, 2001 at 11:00:48AM +0300, Atro Tossavainen wrote:
>>> David Knight French wrote:
>>>
>>>> I would highly recommend that you go to version 2.4 or 3.0 instead of
>>>> 1.2.31, which has a widely publicized security hole. OpenSSH up to
>>>> v2.3.0 also has this vulnerability,
>>>
>>> Please elaborate which vulnerability it is exactly that you mean. URLs
>>> to supporting documentation will be fine.
>>
>> he's probably talking about
>> http://razor.bindview.com/publish/advisories/adv_ssh1crc.html
>
>Which also includes a fix for the problem.
Exactly. ssh 1.2.x certainly has lots of problems, but 2.4 and 3.x aren't
without their own problems. OpenSSH at least doesn't have all the licensing
confusion that ssh 2.x and 3.x does, but it's not perfect either. I think
it will be the way to go eventually, though.
Since the original supplicant was asking about krb5 & ssh, it's also
worth noting that there are (were?) interoperability problems between ssh
2.x and OpenSSH when both are compiled with Kerberos 5 support. That may
or may not help you decide what direction to go for ssh + krb5.
While we're on the subject, is anyone doing ssh (any version) with
cross-realm authenatication (in krb5)?
Tim
--
Tim Mooney [EMAIL PROTECTED]
Information Technology Services (701) 231-1076 (Voice)
Room 242-J6, IACC Building (701) 231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
