Koozali.org: home of the SME Server

Obsolete Releases => SME Server 7.x => Topic started by: judgej on January 23, 2008, 10:58:23 AM

Title: "Warning: SSH protocol v1 has been enabled..." - what does it mean?
Post by: judgej on January 23, 2008, 10:58:23 AM

Anyone any idea what this message in the daily rkhunter e-mails means?

Is it something expected, that is not being suppressed by the rkhunter (and should be), or is it something that should not be enabled on the SME Server 7.3 in the first place?

Title: Re: "Warning: SSH protocol v1 has been enabled..." - what does it mean?
Post by: william_syd on January 24, 2008, 01:43:42 AM

What's the output of.....

config show sshd

Title: Re: "Warning: SSH protocol v1 has been enabled..." - what does it mean?
Post by: judgej on January 24, 2008, 03:28:08 AM

Code: [Select]

sshd=service
    MaxAuthTries=2
    PasswordAuthentication=yes
    PermitRootLogin=no
    Protocol=2,1
    TCPPort=22
    UsePAM=yes
    access=private
    status=enabled
Am I guessing correctly that it is the '1' in the '2,1'? Something that an upgrade should perhaps have removed at some point?

Title: Re: "Warning: SSH protocol v1 has been enabled..." - what does it mean?
Post by: william_syd on January 24, 2008, 07:25:53 AM

Possibly.

7.something upraded to 7.3 gives me...

sshd=service
    MaxAuthTries=2
    PasswordAuthentication=yes
    PermitRootLogin=yes
    Protocol=2
    TCPPort=22
    UsePAM=yes
    access=public
    status=enabled


I get the same result with three instalations all in server-only mode.

If you have never messed with the Protocol value then I would deem this a bug.

Title: Re: "Warning: SSH protocol v1 has been enabled..." - what does it mean?
Post by: judgej on January 24, 2008, 11:22:04 PM

Thanks, I'll treat it as a bug. This is a machine that has been upgraded over many versions, so may have stuff left over from earlier versions.

I've just compared four servers. The two servers that were installed with SME6.0 are both okay - they have only V2 protocol defined. The two servers that were installed initially with SME5.5 both have V1 protocol in them.

Thanks for the help - I'll get a bug raised.

Title: Re: "Warning: SSH protocol v1 has been enabled..." - what does it mean?
Post by: cactus on January 24, 2008, 11:39:58 PM

Quote from: judgej on January 24, 2008, 11:22:04 PM

Thanks for the help - I'll get a bug raised.

Which would be bug 3803 (http://bugs.contribs.org/show_bug.cgi?id=3803), just as a service to future readers....

Title: Re: "Warning: SSH protocol v1 has been enabled..." - what does it mean?
Post by: judgej on January 27, 2008, 11:31:46 PM

Yeah, thanks, I should have done that.

This issue has resulted in an update to the documentation here http://wiki.contribs.org/Log_Files#RK_Hunter_Messages (http://wiki.contribs.org/Log_Files#RK_Hunter_Messages) (which needs some further corrections, but I've lost my wiki password again).

Title: Re: "Warning: SSH protocol v1 has been enabled..." - what does it mean?
Post by: cactus on January 28, 2008, 09:10:30 AM

Quote from: judgej on January 27, 2008, 11:31:46 PM

Yeah, thanks, I should have done that.

This issue has resulted in an update to the documentation here http://wiki.contribs.org/Log_Files#RK_Hunter_Messages (http://wiki.contribs.org/Log_Files#RK_Hunter_Messages) (which needs some further corrections, but I've lost my wiki password again).

It should be the same as your forum password, if you still can not login, please file a bug (and perhaps consider downloading soemthing like Keepass to store your passwords :-) )

Title: Re: "Warning: SSH protocol v1 has been enabled..." - what does it mean?
Post by: judgej on January 28, 2008, 11:47:21 AM

Thanks - page now updated. I completely forgot the Wiki password was the same as the forums, which is why I thought I had 'lost' my password for the wiki - not a trace of it noted down anywhere :-O