back to article SSH sniffer attack poses minor risk

UK security researchers have discovered hard-to-exploit cryptographic weaknesses in the Secure Shell (SSH) remote administration protocol. The shortcoming creates a potential means to recover the plain text of encrypted sessions, depending on remote access configurations. Potential attacks - which would take ninja-like hacking …


This topic is closed for new posts.
  1. RaelianWingnut

    Default is...

    Anyone remember what the default is for OpenSSH (block or stream cipher type)?

  2. Justin Case

    Think of the children

    Anything which poses risk to minors must be stopped.

  3. John Haxby

    Re: Default is ...

    For openssh 3.9p1, 4.3p2 and 5.1p1 (the versions I have readily to hand) the default cipher would appear to be aes128-cbc. You can put a "Ciphers" stanza in you ~/.ssh/config to choose one of the stream ciphers -- see ssh_config(5). I've no idea what you do if you're using winders.

    I expect there'll be a patch along shortly though.

  4. Anonymous Coward

    Pedanticism "Corner"

    "the Secure Shell (SSH) remote administration protocol"

    hmmn. Remote shell protocol maybe, but it's used for a lot more than just admin work.

  5. Tim Bates


    The ninjas that can manage a man in the middle could possibly capture packets and decrypt them back to plain text. Which if they are lucky contains something nice to steal.

    Sounds like a pretty limited flaw. I won't be going out of my way to fix it... I'll fix it by waiting for Debian to fix it for me ;-)

This topic is closed for new posts.

Other stories you might like