DragonFly BSD
DragonFly kernel List (threaded) for 2004-07
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

Re: ideas 2

From: "Simon 'corecode' Schubert" <corecode@xxxxxxxxxxxx>
Date: Wed, 28 Jul 2004 18:17:39 +0200

On 28.07.2004, at 18:07, Ed wrote:


2) By default ssh and sshd can automatically switch to the obsolete SSH
protocol v1 if one of the two doesn't support v2. I'm asking to remove this
automatic process, letting the user manually choose obsolete v1 using "ssh
-1" command.

DragonFly's sshd doesn't use ssh1 by default.

3) Obsolete SSH protocol v1 key is only 768 bits long and it's regenerated
every hour. Even if I suggest not to use v1, I think it can be better to
increase the keysize to 1024.

n/a as we don't have ssh1 enabled in the default install

5) I would suggest to modify the current banner of sshd so that it would seems
a clean installation of OpenSSH-portable. Using a special banner is a good
way to let everyone know if you're vulnerable to some attacks. Like happened
with Apache worms that were looking for particular versions/platform.

this is security by obscurity and doesn't help except maybe agains script kiddies.

6) DF is a complete OS and so you can have your own needs. This should let you
ask for commits on external projects like OpenSSH-portable and OpenSSL. What
I'm suggesting is to import their code as they release it and send them any
patch so that they'll be the real maintainers of the code. This can be easy
if you think at #ifdef and ./configure --host=DragonFlyBSD. This should save
DF developers time and keep original authors working on their projects for

we are doing that already, afaik


\ /
 \     ASCII Ribbon Campaign
/ \  Against HTML Mail and News

Attachment: PGP.sig
Description: This is a digitally signed message part

[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]