Yup. As per link.

--------
Configure SSH for SSH2-only Access

Modify the /etc/ssh/sshd_config file to change the PROTOCOL line from:

#PROTOCOL 1,2

to:

PROTOCOL 2
---------

On 12/28/06, Shawn Badger <sbadger@cskauto.com> wrote:
If I remember correctly ssh v1 has several security holes in it and it should be disabled by having the following in your /etc/ssh/sshd_config file:

Protocol 2

On Thu, 2006-12-28 at 11:08 +0100, Mathias Homann wrote:
On Wednesday, 27 December 2006 11:51, Marcus Meissner wrote:
There is no known security hole in the default install and the SUSE supplied repositories.
I cannot speak for other repositories, like packman or guru, but you would be the first reporter.
And you should give us *exact* error messages from above if you want us to help.
I don't know about 10.2 (yet; just installing rkhunter on my 10.2), but on my 10.0 rkhunter complains about this:

* Application version scan
   - GnuPG 1.4.2 [ Vulnerable ]
   - OpenSSL 0.9.7g [ Vulnerable ]

* Check: SSH
   Searching for sshd_config...
   Found /etc/ssh/sshd_config
   Checking for allowed root login... Watch out Root login possible. Possible risk!
    info: Hint: See logfile for more information about this issue
   Checking for allowed protocols... [ Warning (SSH v1 allowed) ]

Now, I'm not overly concerned about the "root allowed" since on my box that is allowed only with ssh key, not with passphrase, AND not from external addresses... but I'm not quite sure about the SSHv1 complaint, and the versions...
bye, MH
-- gpg key fingerprint: 5F64 4C92 9B77 DE37 D184 C5F9 B013 44E7 27BD 763C
--------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
-- "Develop success from failures. Discouragement and failure are two of the surest stepping stones to success." - Dale Carnegie
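
An added example, not part of the thread and not rkhunter's own code: a small check for the two sshd_config items discussed above, showing why a Protocol line that exists only as a comment still yields the "SSH v1 allowed" warning. The function names are hypothetical, and the fallback defaults (`2,1` and `yes`) are assumptions about OpenSSH releases of that period.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed 2006-era OpenSSH defaults,
# used when a keyword is absent or only present as a '#' comment:
ASSUMED_PROTOCOL_DEFAULT="2,1"
ASSUMED_ROOTLOGIN_DEFAULT="yes"

# sshd_effective KEYWORD DEFAULT < config
# Keywords are case-insensitive and the first uncommented occurrence wins.
# Parsing stops at the first Match block, whose settings are conditional.
sshd_effective() {
    awk -v want="$1" -v dflt="$2" '
        /^[ \t]*(#|$)/               { next }
        tolower($1) == "match"       { exit }
        tolower($1) == tolower(want) { val = tolower($2); exit }
        END { print (val != "" ? val : dflt) }
    '
}

# audit_sshd FILE: one finding per line; returns 1 if anything is a WARN.
audit_sshd() {
    rc=0
    proto=$(sshd_effective Protocol "$ASSUMED_PROTOCOL_DEFAULT" < "$1")
    case ",$proto," in
        *,1,*) echo "WARN Protocol=$proto (SSH v1 allowed)"; rc=1 ;;
        *)     echo "OK   Protocol=$proto" ;;
    esac
    root=$(sshd_effective PermitRootLogin "$ASSUMED_ROOTLOGIN_DEFAULT" < "$1")
    case "$root" in
        no) echo "OK   PermitRootLogin=$root" ;;
        without-password|prohibit-password|forced-commands-only)
            echo "NOTE PermitRootLogin=$root (root login, but not by password)" ;;
        *)  echo "WARN PermitRootLogin=$root (root password login possible)"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: Protocol only as a comment, root restricted to keys.
sample=$(mktemp)
printf '%s\n' '#Protocol 1,2' 'PermitRootLogin without-password' > "$sample"
audit_sshd "$sample" || true
# Same file after the change recommended in the thread.
printf '%s\n' 'PROTOCOL 2' 'PermitRootLogin without-password' > "$sample"
audit_sshd "$sample" || true
rm -f "$sample"
```

After editing the real file, sshd has to be restarted or reloaded before the new Protocol setting takes effect.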