SSH sniffer attack poses minor risk

UK security researchers have discovered hard-to-exploit cryptographic weaknesses in the Secure Shell (SSH) remote administration protocol. The shortcoming creates a potential means to recover the plain text of encrypted sessions, depending on remote access configurations. Potential attacks - which would take ninja-like hacking …


This topic is closed for new posts.
  1. RaelianWingnut

    Default is...

    Anyone remember what the default is for OpenSSH (block or stream cipher type)?

  2. Justin Case

    Think of the children

    Anything which poses risk to minors must be stopped.

  3. John Haxby

    Re: Default is ...

    For openssh 3.9p1, 4.3p2 and 5.1p1 (the versions I have readily to hand) the default cipher would appear to be aes128-cbc. You can put a "Ciphers" stanza in your ~/.ssh/config to choose one of the stream ciphers -- see ssh_config(5). I've no idea what you do if you're using winders.

    I expect there'll be a patch along shortly though.
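As an added example (not from the comment above and not OpenSSH's own code), a small POSIX shell audit that flags CBC-mode entries in an OpenSSH cipher list, such as the `Ciphers` value in ssh_config(5) or the `ciphers` line printed by `ssh -G host`, and prints the same list with those entries removed as a suggested replacement. The `ssh -G` output below is a constructed sample so the script runs offline; `ssh -G` itself needs OpenSSH 6.8 or later.

```shell
#!/bin/sh
# Constructed sample of what "ssh -G host" prints (trimmed to a few lines).
# For a real check, feed the real thing:  ssh -G host | effective_ciphers
SAMPLE_SSH_G='hostname example.invalid
port 22
ciphers aes128-cbc,aes128-ctr,3des-cbc,aes256-ctr
macs hmac-sha2-256'

# effective_ciphers: read "ssh -G" output on stdin, print the cipher list
effective_ciphers() {
    awk '$1 == "ciphers" { print $2 }'
}

# cbc_ciphers LIST: print each CBC-mode entry of a comma-separated cipher
# list, one per line; return 0 if any were found, 1 otherwise
cbc_ciphers() {
    found=1
    for c in $(printf '%s\n' "$1" | tr ',' ' '); do
        case "$c" in
            *cbc*) printf '%s\n' "$c"; found=0 ;;
        esac
    done
    return $found
}

# without_cbc LIST: the same list with CBC entries dropped, order preserved
without_cbc() {
    printf '%s\n' "$1" | tr ',' '\n' | grep -v 'cbc' | paste -sd, -
}

# audit_ciphers LIST: report on a cipher list; return 0 only when no
# CBC-mode cipher is enabled, otherwise suggest a Ciphers line without them
audit_ciphers() {
    list=$1
    if weak=$(cbc_ciphers "$list"); then
        printf 'CBC-mode ciphers enabled: %s\n' "$(printf '%s\n' "$weak" | paste -sd, -)"
        printf 'Suggested ssh_config line: Ciphers %s\n' "$(without_cbc "$list")"
        return 1
    fi
    printf 'OK: no CBC-mode ciphers enabled\n'
    return 0
}

# Run the audit against the constructed sample (non-zero status is expected
# here because the sample still lists aes128-cbc and 3des-cbc).
audit_ciphers "$(printf '%s\n' "$SAMPLE_SSH_G" | effective_ciphers)" || :
```

Drop the suggested `Ciphers` line into `~/.ssh/config` (or `/etc/ssh/sshd_config` on the server side) and re-run `ssh -G host` to confirm the negotiated list no longer contains a CBC mode.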

  4. Anonymous Coward

    Pedanticism "Corner"

    "the Secure Shell (SSH) remote administration protocol"

    hmmn. Remote shell protocol maybe, but it's used for a lot more than just admin work.

  5. Tim Bates


    The ninjas that can manage a man in the middle could possibly capture packets and decrypt them back to plain text. Which if they are lucky contains something nice to steal.

    Sounds like a pretty limited flaw. I won't be going out of my way to fix it... I'll fix it by waiting for Debian to fix it for me ;-)
