Re: what is the latest version of openssh-server

From: Jeremiah Foster (jeremiah.foster_at_gmail.com)
Date: 05/10/05

  • Next message: Shahzad Chohan: "vi query" 
    Date: Tue, 10 May 2005 17:00:17 +0200
To: For users of Fedora Core releases <fedora-list@redhat.com>

    jim martin wrote:

    >Hi.. We are using openssh-server-3.9p1-7 for our FC3
    >box,
    >
    >[root@wa ]# rpm -qa | grep openssh-server
    >openssh-server-3.9p1-7
    >
    >however our auditor want us to upgrade from
    >Openssh protocol '1' to '2'
    >
    >
    >
    The protocol your auditor speaks of is built into most newer versions of
    openssh, so in fact you do not have to upgrade the openssh software if
    you want to use protocol 2. Read up about the different protocols in
    openssh to find out more, maybe start with

    $ man ssh

    at the command line. For example it says;

         Protocol 2 provides additional mechanisms for confidentiality (the
    traf-
         fic is encrypted using 3DES, Blowfish, CAST128 or Arcfour) and
    integrity
         (hmac-md5, hmac-sha1). Note that protocol 1 lacks a strong
    mechanism for
         ensuring the integrity of the connection.

    >it means I need to upgrade to openssh-server-3.9p2..
    >right??
    >
    >
    >
    No.

    >But when I do a
    >
    >[root@wa]# up2date --showall | grep openssh-server
    >openssh-server-3.9p1-8.0.1.i386
    >
    >It is still p1 only
    >
    >I log on to https://rhn.redhat.com/ and did a search
    >on openssh-server package. those available are all p1
    >only. Am I going to the right URL for FC3 ??
    >
    You may want to download the latest version of openssh, it is available
    from http://www.openssh.com/portable.html

    The latest version was released in March and is version 4.0p1. Note that
    If you are using certain older versions of openssh you may be at risk.
    See today's New York Times for more information.

    Jeremiah

    >
    >
    >
    > 

    -- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
  • Next message: Shahzad Chohan: "vi query"

    Relevant Pages

    • FreeBSD Security Advisory FreeBSD-SA-01:24.ssh
      ... OpenSSH is an implementation of the SSH1 and SSH2 secure shell ... An SSH1 client/server from ssh.com is included in the ports ... mistake in code intended to work around a protocol flaw in the SSH1 ... of the ssh port prior to ssh-1.2.27_3 are vulnerable to these attacks. ...
      (FreeBSD-Security)
    • Re: Request for Comments: Getting OpenSSH to work with ssh.com and itself
      ... All the titles involving mixed protocol versions ... "To be clear, the two protocol versions SSH1 and SSH2 do not interoperate, ... Leaving your keys around inside an ssh-agent indefinitely means ... > assume what you mean is connecting an SSH2 client to an OpenSSH server, ...
      (comp.security.ssh)
    • [HPADM] Summary: Running OpenSSH as a Daemon on HP-UX 11.11
      ... We chose OpenSSH instead of HP's SSH program because our main application ... The script is: ... # Checks for the existence of the host DSA key (protocol version 2) ... # Checks for the existence of the host RSA key ...
      (HP-UX-Admin)
    • Re: CVS and version 9.0
      ... I this OpenSSH version is removed kerberos support from protocol SSH1, ... users who use identity keys for remote login with passphrases. ... ssh-add is called and doesn't have a real TTY, ...
      (alt.os.linux.suse)
    • Re: Request for Comments: Getting OpenSSH to work with ssh.com and itself
      ... SSH userauth methods, and the choice depends strongly on whether the ... (openssh, protocol 1)-> ... Leaving your keys around inside an ssh-agent indefinitely means ...
      (comp.security.ssh)