| From: | "Simon 'corecode' Schubert" <corecode@xxxxxxxxxxxx> |
| Date: | Wed, 28 Jul 2004 18:17:39 +0200 |
2) By default ssh and sshd can automatically switch to the obsolete SSH
protocol v1 if one of the two doesn't support v2. I'm asking to remove this
automatic process, letting the user manually choose obsolete v1 using "ssh
-1" command.
3) Obsolete SSH protocol v1 key is only 768 bits long and it's regenerated
every hour. Even if I suggest not to use v1, I think it can be better to
increase the keysize to 1024.
5) I would suggest to modify the current banner of sshd so that it would seems
a clean installation of OpenSSH-portable. Using a special banner is a good
way to let everyone know if you're vulnerable to some attacks. Like happened
with Apache worms that were looking for particular versions/platform.
6) DF is a complete OS and so you can have your own needs. This should let you
ask for commits on external projects like OpenSSH-portable and OpenSSL. What
I'm suggesting is to import their code as they release it and send them any
patch so that they'll be the real maintainers of the code. This can be easy
if you think at #ifdef and ./configure --host=DragonFlyBSD. This should save
DF developers time and keep original authors working on their projects for
you.
cheers simon
-- /"\ \ / \ ASCII Ribbon Campaign / \ Against HTML Mail and News
Attachment:
PGP.sig
Description: This is a digitally signed message part