Comments on “SSH sniffer attack poses minor risk” • The Register

Comments on: SSH sniffer attack poses minor risk

Back to the article
Comments on this article are now closed

Default is... #

By RaelianWingnut Posted Tuesday 18th November 2008 12:13 GMT

Anyone remember what the default is for OpenSSH (block or stream cipher type)?

Think of the children #

By Justin Case Posted Tuesday 18th November 2008 15:52 GMT

Anything which poses risk to minors must be stopped.

Re: Default is ... #

By John Haxby Posted Tuesday 18th November 2008 16:08 GMT

For openssh 3.9p1, 4.3p2 and 5.1p1 (the versions I have readily to hand) the default cipher would appear to be aes128-cbc. You can put a "Ciphers" stanza in you ~/.ssh/config to choose one of the stream ciphers -- see ssh_config(5). I've no idea what you do if you're using winders.

I expect there'll be a patch along shortly though.

Pedanticism "Corner" #

By Anonymous Coward Posted Tuesday 18th November 2008 16:12 GMT

"the Secure Shell (SSH) remote administration protocol"

hmmn. Remote shell protocol maybe, but it's used for a lot more than just admin work.

So.... #

By Tim Bates Posted Wednesday 19th November 2008 06:09 GMT

The ninjas that can manage a man in the middle could possibly capture packets and decrypt them back to plain text. Which if they are lucky contains something nice to steal.

Sounds like a pretty limited flaw. I won't be going out of my way to fix it... I'll fix it by waiting for Debian to fix it for me ;-)