System: Tru64 v5.1A with Patchkit 1.
I asked if there was any way to connect to/from ssh v1 clients
(using Teraterm) to Tru64 systems running Compaq's ssh aoftware
(which is actually ssh v2).
Thanks to the following folks for their replies:
Yehia Beyh of the Tru64 Unix SSH Team at Compaq
Ann Majeske at Compaq (for alerting the team)
Stan Horwitz at Temple
George Dimitoglou at NASA
Cathy Chandra of University of Otago
System Admin _at_ astro.su.se
The official answer came from Yehia (thanks to Ann for alerting
the team):
...............................................................
Our SSH product allows you to be compatible with ssh protocol
1, but we do not ship a ssh 1 version client/server for our
system and we don't recommend it. By enabling the ssh
compatibility keyword in the configuration file means that you
are compatible with an ssh1 version, but you need to supply the
ssh1 client/server for your system: To do this you must first
install a ssh1 client/server on your Tru64 Unix system (Openssh
has free software that you can use). Two, configure the
ssh2_config and sshd2_config files by enabling ssh1
compatibility and providing the path to the client/servers.
Our SSH V1.O version does no provide you with an ssh1
client/server. Our next version of ssh will provide an ssh1
emulator.
We hope this helps,
The Tru64 Unix SSH Team
Notice:
Our ssh product installs a library called libssh.so. Before
building the ssh1 product make sure that you rename the
/usr/shlib/libssh.so to /usr/shlib/libssh.so_hide then rename
it back to its original name.
Recommendations:
PuTTY offers a free Win32 Telnet/SSH Client that supports
protocol 2. Try using this instead of the teraterm product and
you won't need to use ssh1 or need to build it on your tru64
unix system.
http://www.chiark.greenend.org.uk/~sgtatham/putty/
...............................................................
All other responses are listed here:
...............................................................
Stan Horwitz at Temple:
Why not use a more updated version of Teraterm. Both ssh1 and
ssh2 have known security issues. Some pretty big holes. If
you're using Windows machines, there's a nice ssh client at
http://www.ssh.com/
...............................................................
...............................................................
George Dimitoglou at NASA:
> sshd2_config:# Ssh1Compatibility <set by configure by default>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
you need to put the path of sshd1 here
...............................................................
...............................................................
Cathy Chandra of University of Otago:
SSH1 has severe security vulnerabilites (announced just before
Xmas). Recommended practice is to tell your clients they must
use a version of SSH which is SSH2 compatible (what about
"putty" ?)
...............................................................
...............................................................
System Admin _at_ astro.su.se:
... which appears (from the config file syntax) to be a version
of ssh.com's product. If so, "v1 compatibility" consists of
invoking separate ssh1 server or client binaries. These need to
be installed for the compatibility mode to actually work.
Installing them is, however, a VERY BAD idea because of the
security holes that have been found and actively exploited in
them over the past 12 months.
If you must have SSHv1 support, your best bet is to use (the
latest version of) OpenSSH,
http://www.openssh.com/ (not .org,
for silly reasons; but OpenSSH is in fact free software).
A better (at least from a security point of view; it may be
more work to you) alternative would be to replace Teraterm
with a version that supports the instrinsically more secure
SSHv2.
...............................................................
So, the consensus is to look for a v2 client.
Thanks again,
-- mahendra
.....................................................................
A. Mahendra Rajah Email: Mahendra.Rajah_at_URegina.CA
Tru64 UNIX Systems Manager Phone: (306) 585-4496
Dept. of Computing Services FAX: (306) 585-5060
University of Regina,
Regina, Sask., S4S 0A2
Canada.
.....................................................................
Received on Tue Feb 05 2002 - 17:17:31 NZDT