brhamon Thu, 04/15/2004 - 12:29
User Badges:

The IDS-4215 was initially released with IDS 4.1(1) in Jul-2003. It included OpenSSH-3.6.1p1 and OpenSSL-0.9.7b.

In Nov-2003, we released IDS 4.1(2) which contains OpenSSH-3.7.1p2 and OpenSSL-0.9.7b-patched. (The OpenSSL patches addressed vulnerabilities that had been disclosed just prior to the release of 4.1(2).)

No changes to OpenSSH or OpenSSL were included in the 4.1(3) service pack (also released in Nov-2003).

The OpenSSH developers have released a newer version; however, these changes are functional and have no security implications.

ThorsonMacAoidh Thu, 04/22/2004 - 18:37
User Badges:

What about the Protocol Version. Does the default OpenSSH config file limit to protocol version 1, or 2?


brhamon Thu, 04/22/2004 - 19:54
User Badges:

No. The SSH server supports protocol versions 1.5 and 2.0. The default configuration file includes the line "Protocol 2,1" which means that it will select protocol version 2 if the client seems to support it. Otherwise, it will use protocol version 1.5.


This Discussion