perl-modperl-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Behlendorf <br...@collab.net>
Subject Re: ssh2
Date Tue, 11 Jan 2000 14:01:03 GMT
On Tue, 11 Jan 2000, Stas Bekman wrote:
> I just wanted to remind that there was a security hole found in ssh1, and
> most of the sites I work with have already moved to ssh2 protocol. Do you
> think apache.org should do the same?

Actually the security hole was in the RSAref libraries, and I've updated
and securifyied everything appropriately within hours of seeing the
bugtraq post.

I refuse to update to SSH2 because the new protocol is an attempt by
F-Secure to grab hold of the momentum behind the open-source SSH for
itself.  SSH2 provides no material advantages, and its server is non-free
(not just non-open-source, non-free in other wats).  The effort to support
is OpenSSH - www.openssh.org.  I installed their daemon but it had
interoperability problems with SecureCRT so I bailed on it, but I plan to
return to it once it's got more stability.

	Brian




Mime
View raw message