
Re: gEDA-user: polygon regression in pcb+gl



Stephan:
> Peter Clifton <pcjc2@xxxxxxxxx> writes:
> > On Sun, 2011-02-20 at 10:36 +0100, Karl Hammar wrote:
...
> >> Don't you know that protocol version 1 is vulnerable to a
> >> man-in-the-middle attack?
> >
> > No, I didn't know that.
> >
> > Does it require a different type of key to be generated and used, or
> > just removing that option to become secure again?

Specify v.2 in your sshd_config, and generally turn off (just in case)
all v.1 protocol stuff as in:

 Protocol 2
 RhostsRSAAuthentication no
 RSAAuthentication no

Use rsa or dsa in your ssh-keygen:

$ man ssh-keygen | grep -A 3 -e '-t type$'
     -t type
             Specifies the type of key to create.  The possible values are
             ``rsa1'' for protocol version 1 and ``rsa'' or ``dsa'' for proto-
             col version 2.

> id_rsa is a version 2 key.

True.

> The RSAAuthentication may be used for version 1 only, but that does not
> mean specifying it makes ssh use version 1.

True, but there is no reason for it to be there.

> Do "ssh -v git.gpleda.org" to see which version is used.  Most default
> sshd installations do not permit protocol version 1.

Can't test that:

$ ssh -v git.gpleda.org
OpenSSH_5.1p1 Debian-5, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to git.gpleda.org [97.107.141.5] port 22.
debug1: connect to address 97.107.141.5 port 22: Connection refused
ssh: connect to host git.gpleda.org port 22: Connection refused
$

Regards,
/Karl Hammar

-----------------------------------------------------------------------
Aspö Data
Lilla Aspö 148
S-742 94 Östhammar
Sweden
+46 173 140 57



