From owner-freebsd-security Thu Aug 27 11:48:02 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id LAA29931 for freebsd-security-outgoing; Thu, 27 Aug 1998 11:48:02 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from burka.rdy.com (burka.rdy.com [205.149.163.30]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA29894; Thu, 27 Aug 1998 11:47:46 -0700 (PDT) (envelope-from dima@burka.rdy.com) Received: (from dima@localhost) by burka.rdy.com (8.8.8/RDY&DVV) id LAA00887; Thu, 27 Aug 1998 11:46:40 -0700 (PDT) Message-Id: <199808271846.LAA00887@burka.rdy.com> Subject: Re: SSH port In-Reply-To: <19980827113954.A11893@oneinsane.net> from "Ron 'The Insane One' Rosson" at "Aug 27, 1998 11:39:54 am" To: insane@oneinsane.net Date: Thu, 27 Aug 1998 11:46:40 -0700 (PDT) Cc: axl@iafrica.com, dima@best.net, freebsd-ports@FreeBSD.ORG, freebsd-security@FreeBSD.ORG X-Class: Fast Organization: HackerDome Reply-To: dima@best.net From: dima@best.net (Dima Ruban) X-Mailer: ELM [version 2.4ME+ PL45 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Grrr, I just went through the license. Sucks. Btw, I was under impression that 1.26 has a fix for the insertion attack... Ron 'The Insane One' Rosson writes: > On Thu, Aug 27, 1998 at 07:32:42PM +0200, Sheldon Hearn wrote: > > > > > > On Thu, 27 Aug 1998 09:21:38 MST, "Ron 'The Insane One' Rosson" wrote: > > > > > Is there a reason why we dont have a port of the ver 2.x > > > ssh. > > > > It may have something to do with the software not being freely > > distributable. This is from the LICENSE document in the tarball: > > > > | THERE IS NO WARRANTY OF ANY KIND FOR THIS SOFTWARE. THIS SOFTWARE IS > > | FOR NON-COMMERCIAL USE ONLY. > > | > > | Please contact Data Fellows for > > | commercial licensing. > > > > The document goes on to wrap non-commercial use up quite tightly, > > including the prohibition for use in administration of educational > > systems. You should probably look at the file yourself to be sure you > > qualify for a license. > > Thanx for showing my ignorance. I failed to dig that deep into it. My > apologies for that. > > After this post I am going to bear down and read the license. The thing that > gets me is that the previous versions before it have always been 'freely > distributable'. This is starting to smell like the same thing > that happened with Xfree. I could be wrong. If anyone has nessus installed > on their system and ssh also you will pick up on the possibility of an > insecure ssh. Again I could e wrong and jumping in the wrong direction > but it kinda rattled my cage. > > > > > > Sorry for the cross psot but theis came to my attention from running > > > some tests on my own machines. > > > > Your problem, not ours, eh? :-) > > > NP.. > TIA > Ron > > -- > -------------------------------------------------------- > Ron Rosson ... and a UNIX user said ... > The InSaNe One rm -rf * > insane@oneinsane.net and all was null and void > -------------------------------------------------------- > It's so nice to be insane, nobody asks you to explain. > -- dima To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message