[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ssh protocol version 1 and 2 allowed?
"Sancho2k Lists" <email@example.com> wrote:
> Are my fears for using protocol version 1 unfounded, or am I rightly
> alarmed in connections using version 1 being allowed? Would changing
> the 'Protocol' option to only allow version 2 introduce any problems
> if I intend to use version 2 for my connections only?
The real problems with v1 have been corrected, as in deattack.c. The
remainder are mostly theoretical or very difficult to exploit. However,
switching to only allowing v2 is fine. You can also set the clients to
v2 only, so you aren't ever stuck in a situation where you only have a
v1 client available and can't login.
Don't be humble; you're not that great.