AF:
NF:0
PS:10
SRH:1
SFN:
DSR:
MID:<20070126160227.716ade15@ripper.onstor.net>
CFG:
PT:0
S:andy.sharp@onstor.com
RQ:
SSV:onstor-exch02.onstor.net
NSV:
SSH:
R:<mtracy@css.glasshouse.com>,<dl-cstech@onstor.com>
MAID:1
X-Sylpheed-Privacy-System:
X-Sylpheed-Sign:0
SCF:#mh/Mailbox/sent
RMID:#imap/andys@onstor.net@onstor-exch02.onstor.net/INBOX	2762	064e01c741a4$9ea51750$464da8c0@glasshousetech.com
X-Sylpheed-End-Special-Headers: 1
Date: Fri, 26 Jan 2007 16:02:39 -0800
From: Andrew Sharp <andy.sharp@onstor.com>
To: "Michael Tracy" <mtracy@css.glasshouse.com>
Cc: "DL-CStech" <dl-cstech@onstor.com>
Subject: Re: Versions of SSH and Sendmail
Message-ID: <20070126160239.68a8319b@ripper.onstor.net>
In-Reply-To: <064e01c741a4$9ea51750$464da8c0@glasshousetech.com>
References: <BB375AF679D4A34E9CA8DFA650E2B04E0180959A@onstor-exch02.onstor.net>
 <063f01c741a2$85e4cbe0$464da8c0@glasshousetech.com>
 <064e01c741a4$9ea51750$464da8c0@glasshousetech.com>
Organization: Onstor
X-Mailer: Sylpheed-Claws 2.6.0 (GTK+ 2.8.20; x86_64-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

I assume you/customer means on the server (sshd).  I don't know if
there are any implications for other parts of the product, but you can
change the configuration file

/etc/ssh/sshd_config

and change the line

#Protocol 2,1

to

Protocol 2

(Uncomment and remove the '1') and restart sshd

find the pid for /usr/local/agile/sshd and kill it, then

# /usr/local/agile/bin/sshd

This will prevent the server from supporting protocol 1

Does this customer not have his filer(s) inside a competent firewall?

I would get clearance from CS before telling this to a customer,
however.

Cheers,

a

On Fri, 26 Jan 2007 18:49:28 -0500 "Michael Tracy"
<mtracy@css.glasshouse.com> wrote:

> Actually I see that in case 3587 that in the 1.3.2 release that they
> turned off listening on port 25 for sendmail.  Customer is ok with
> this.
> 
> But his followup question on SSH is about the SSH protocols:
> He wants version 1R1.5 disabled.   Only version 2.
> 
> Anyone know the SSH protocols?
> 
> Thanks!
> Michael
> 
> ----- Original Message ----- 
> From: "Michael Tracy" <mtracy@css.glasshouse.com>
> To: "John Rogers" <john.rogers@onstor.com>; "dl-cstech" 
> <dl-cstech@onstor.com>
> Sent: Friday, January 26, 2007 6:34 PM
> Subject: Re: Versions of SSH and Sendmail
> 
> 
> > Thanks John
> > yeah, I see that on my box, now
> >
> > There was an old case (3587) requesting
> > sendmail binaries earlier than version 8.13.5 contain
> > remotely-exploitable code that could send the program into a race
> > condition. Time Inc. requests a patch to bring our filers up to
> > sendmail version 8.13.6 or later. Preferably this patch would not
> > necessitate filer reboots
> >
> > For which defect 15468 was opened.
> > Anyone know if we have plans to increase our version past 8.10.1?
> >
> > Michael
> > ----- Original Message ----- 
> > From: "John Rogers" <john.rogers@onstor.com>
> > To: "Michael Tracy" <mtracy@css.glasshouse.com>; "dl-cstech" 
> > <dl-cstech@onstor.com>
> > Sent: Friday, January 26, 2007 6:22 PM
> > Subject: RE: Versions of SSH and Sendmail
> >
> >
> >> From BSD prompt you can query those components. There may be a more
> >> graceful/support savvy way to do it, but there is the info.
> >>
> >> # sendmail -d0.4 -bv root
> >> Version 8.10.1
> >> Compiled with: MAP_REGEX LOG MATCHGECOS MIME7TO8 MIME8TO7
> >> NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS QUEUE SCANF SMTP
> >> TCPWRAPPERS
> >>                USERDB XDEBUG
> >> canonical name: g2r9.sc1
> >> UUCP nodename: g2r9
> >>        a.k.a.: g2r9
> >>        a.k.a.: [10.2.9.2]
> >>        a.k.a.: [127.0.0.1]
> >>        a.k.a.: [192.167.2.1]
> >>
> >> ============ SYSTEM IDENTITY (after readcf) ============
> >>      (short domain name) $w = g2r9
> >>  (canonical domain name) $j = g2r9.sc1
> >>         (subdomain name) $m = sc1
> >>              (node name) $k = g2r9
> >> ========================================================
> >>
> >> root... deliverable: mailer local, user root
> >> # ssh -v
> >> OpenSSH_4.2p1, OpenSSL 0.9.7g 11 Apr 2005
> >> usage: ssh [-1246AaCfgkMNnqsTtVvXxY] [-b bind_address] [-c
> >> cipher_spec] [-D port] [-e escape_char] [-F configfile]
> >>           [-i identity_file] [-L [bind_address:]port:host:hostport]
> >>           [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option]
> >> [-p port]
> >>           [-R [bind_address:]port:host:hostport] [-S ctl_path]
> >>           [user@]hostname [command]
> >>
> >> -----Original Message-----
> >> From: Michael Tracy [mailto:mtracy@css.glasshouse.com]
> >> Sent: Friday, January 26, 2007 3:11 PM
> >> To: dl-cstech
> >> Subject: Versions of SSH and Sendmail
> >>
> >> Hey all
> >> Here's a quick question
> >>
> >> what version of ssh does onstor everon use?
> >> also what version of sendmail do we use?
> >>
> >> More importantly, how/where would I find that?
> >>
> >> Michael
> >>
> >>
> >
> > 
> 
> 
