Date: Thu, 27 Aug 1998 14:20:11 -0700 (PDT) From: "Jan B. Koum " <jkb@best.com> To: "Ron 'The Insane One' Rosson" <insane@oneinsane.net> Cc: dima@best.net, axl@iafrica.com, freebsd-ports@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: SSH port Message-ID: <Pine.BSF.4.02A.9808271418210.14873-100000@shell6.ba.best.com> In-Reply-To: <19980827115247.B11893@oneinsane.net>
next in thread | previous in thread | raw e-mail | index | archive | help
AFAIK both .25 and .26 have crc data injection bug fixed:
% ssh -v -p 139 twentythree.jkb.org
SSH Version 1.2.25 [i386-unknown-freebsd2.2.6], protocol version 1.5.
Compiled with RSAREF.
[snip]
0wn.jkb.org: Sent encrypted session key.
0wn.jkb.org: Installing crc compensation attack detector
0wn.jkb.org: Received encrypted confirmation.
[snip]
Is there another bug you guys are talking about?
And yes, the license does blow. That means ISPs will have to pay
if they want to use ssh2
-- Yan
www.best.com/~jkb/ Unix users of the world unite:
www.{free,open,net}bsd.org | www.linux.org | www.apache.org | www.perl.com
"Turn up the lights, I don't want to go home in the dark."
On Thu, 27 Aug 1998, Ron 'The Insane One' Rosson wrote:
>On Thu, Aug 27, 1998 at 11:46:40AM -0700, Dima Ruban wrote:
>> Grrr, I just went through the license. Sucks.
>> Btw, I was under impression that 1.26 has a fix for the insertion attack...
>
>If you find the fix for the assertion let me know.. I would like to get this
>one headache cleared up. I love my ssh. <what is telnet ?? ;-)>
>
>>
>> Ron 'The Insane One' Rosson writes:
>> > On Thu, Aug 27, 1998 at 07:32:42PM +0200, Sheldon Hearn wrote:
>> > >
>> > >
>> > > On Thu, 27 Aug 1998 09:21:38 MST, "Ron 'The Insane One' Rosson" wrote:
>> > >
>> > > > Is there a reason why we dont have a port of the ver 2.x
>> > > > ssh.
>> > >
>> > > It may have something to do with the software not being freely
>> > > distributable. This is from the LICENSE document in the tarball:
>> > >
>> > > | THERE IS NO WARRANTY OF ANY KIND FOR THIS SOFTWARE. THIS SOFTWARE IS
>> > > | FOR NON-COMMERCIAL USE ONLY.
>> > > |
>> > > | Please contact Data Fellows <http://www.datafellows.com/>; for
>> > > | commercial licensing.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.02A.9808271418210.14873-100000>