[CLUE-Tech] ssh using RSA authentication?
David Anselmi
anselmi at americanisp.net
Thu Nov 28 10:52:13 MST 2002
Todd Williams wrote:
[...]
> This will force your ssh to only use ssh v2 - ssh v1 has known exploits
> that are actively being scanned for.
Hmm... SSHv1 has a design flaw that makes insertion attacks possible
(though difficult). Is that what you meant?
I would not say that this vulnerability is being scanned for, since it
requires access to the tcp stream of a legitimate ssh connection.
If you meant something else, could you elaborate?
Dave
More information about the clue-tech
mailing list