[plug] putty for Red Hat Linux 7.3
James Devenish
devenish at guild.uwa.edu.au
Tue Apr 13 20:22:16 WST 2004
In message <20040413113300.GA8700 at grail.lostrealm.com>
on Tue, Apr 13, 2004 at 07:33:01PM +0800, Leon Blackwell wrote:
> Bret Busby wrote:
> > (from my understanding, vulnerabilities have occurred with openssh,
> > and I do not know whether the ssh that I have been using, involves
> > openssh)
> Vulnerabilities have occurred with PuTTY too...In general, it always
> pays to be up to date and to knwo what you're running.
Leon is correct. The "vulnerabilities in OpenSSH" argument is one that I
would expect to emanate from developers or supporters of alternative SSH
implementations, rather than from the general population (i.e. it's not
as though disgruntled OpenSSH ex-users are seen in droves). Not that
there's anything wrong with /not/ using OpenSSH (except that you may
have to regenerate or convert your identify keys, if you use them).
However, note that the command-line sftp client supplied with OpenSSH
prior to 3.8 is pretty minimal.
> I don't think there's a version of ssh that hasn't had to be fixed for
> something (tough I may be wrong).
(Of the phrase "version of SSH"...) While I'm sure the above point
refers to SSH /implementations/, it's also worth nothing that SSH 2
is in some senses a security patch for SSH 1 ;-)
More information about the plug
mailing list