From owner-freebsd-questions Mon Jul 1 12:57:21 2002
Delivered-To: freebsd-questions@freebsd.org
From: "Chris McCluskey"
Subject: Which SSH now (and when)?
Date: Mon, 1 Jul 2002 12:57:51 -0700

I was hoping that everyone out there can clarify a couple questions (and/or possibly false statements) I have regarding SSH.

FreeBSD (4.5) SSH in the system source is (or was) built from OpenSSH 3.3?

FreeBSD (4.5) ships with the SSH ports (ssh and ssh2) from ssh.com?

To stay consistent with the FreeBSD project then, it would be a good idea to build out of the openssh or openssh-portable ports instead of the ssh/ssh2 ports -- using the portable port if and only if PAM support is needed?

The security issues recently released from ISS and OpenSSH have been fixed and the ports in openssh and openssh-portable (both OpenSSH 3.4) have been initially tested, and found to be ok in the following areas -- 1) ChallengeResponseAuth is now fixed, 2) key exchanges with previously created DSA or RSA keys are now working currently, and 3) PRIVSEP is now enabled by default in both openssh ports?

Are there any dangers in using the ssh.com ports (besides the possible security issues with SSH1 on a protocol level)?

Thanks.