From: Chris McCluskey (chrisdigitaldeck.com)
Date: Mon Jul 01 2002 - 19:35:08 CDT


    I didn't get any response from -questions, so I thought I would try
    here. I know some are stupid, but keep with me ok?!
    ___

    I was hoping that everyone out there can clarify a couple questions
    (and/or possibly false statements) I have regarding SSH.

    FreeBSD (4.5) SSH in the system source is (or was) built from
    OpenSSH 3.3?

    FreeBSD (4.5) ships with the SSH ports (ssh and ssh2) from ssh.com?

    To stay consistent with the FreeBSD project then, it would be a good
    idea to build out of the openssh or openssh-portable ports instead of
    the ssh/ssh2 ports -- using the portable port if and only if PAM
    support is needed?

    Have the security issues recently released from ISS and OpenSSH
    been fixed, and have the ports in openssh and openssh-portable (both
    OpenSSH 3.4) been initially tested and found to be ok in the following
    areas -- 1) ChallengeResponseAuth is now fixed, 2) key exchanges with
    previously created DSA or RSA keys are now working currently, and 3)
    PRIVSEP is now enabled by default in both openssh ports?

    Are there any issues that should keep me from using the ssh.com ports
    (besides the possible security issues with SSH1 on a protocol level)
    and the lack of a PRIVSEP mechanism?

    Thanks.
