Red Hat Bugzilla – Bug 186419
OpenSSH accepts ssh version 1 connections
Last modified: 2007-11-30 17:07:09 EST
Description of problem: SSH version 1 still allowed despite critical vulnerabilities of protocol Version-Release number of selected component (if applicable): All How reproducible: Every time Steps to Reproduce: 1. Install base system 2. Check /etc/ssh/sshd_config Actual results: # Protocol 2,1 Expected results: # Protocol 2 or Protocol 2 Additional info: Please see http://www.ssh.com/company/newsroom/article/210/ and http://www.kb.cert.org/vuls/id/684820
This problem will be resolved in a future major release of Red Hat Enterprise Linux. Red Hat does not currently plan to provide a resolution for this in a Red Hat Enterprise Linux update for currently deployed systems. With the goal of minimizing risk of change for deployed systems, and in response to customer and partner requirements, Red Hat takes a conservative approach when evaluating changes for inclusion in maintenance updates for currently deployed products. The primary objectives of update releases are to enable new hardware platform support and to resolve critical defects.