From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: <2a5251c5f0d6ff7d90c428a4dfa29c5e@plan9.bell-labs.com> To: 9fans@cse.psu.edu Subject: Re: [9fans] SSH Version2 From: Eric Grosse MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Date: Mon, 7 Oct 2002 14:09:25 -0400 Topicbox-Message-UUID: ffbdb4ec-eaca-11e9-9e20-41e7f4b1d025 > yikes, does that mean Plan9 is subject to the ssh1 problems other systems are > warned not to pursue (via switching to ssh2)? We're not vulnerable to the integer overflow leading to root compromise, because our implementation is independent and we happen not to have the same bugs. But yes, we're vulnerable to the CRC/CBC attacks inherent in the protocol; see http://www.kb.cert.org/vuls/id/13877 for details. Unlike the integer overflow and man-in-the-middle attacks, this one is not straightforward to launch. Patches to other ssh implementations have often introduced worse holes than the original problem, so we're inclined to just switch to ssh2. As further motivation, we mainly use ssh to call from Plan 9 to Unix systems and those will increasingly allow only ssh2. But nobody here has had time to do the work yet. Any volunteers from outside? We'd happily take back improved code and replace what's in the distribution. Also, if anyone following this more closely knows for a fact that tools for script kiddies can routinely hijack existing sessions or break in to the idle server under our implementation, please send mail and we'll rearrange our priorities. Eric