[OpenSSH]

Security

OpenSSH is developed with the same rigorous security process that the OpenBSD group is famous for.

For more information, see the OpenBSD Security page.

  • OpenSSH was not vulnerable to the RC4 cipher password cracking, replay, or modification attacks. When the OpenSSH project was started, it was already known that SSH 1 used the RC4 stream cipher completely incorrectly, and thus RC4 support was removed.

  • OpenSSH was not vulnerable to client forwarding attacks in unencrypted connections, since unencrypted connection support was removed at OpenSSH project start.

  • OpenSSH was not vulnerable to IDEA-encryption algorithm attacks on the last packet, since the IDEA algorithm is not supported. The patent status of IDEA makes it unsuitable for inclusion in OpenSSH.

  • OpenSSH does not treat localhost as exempt from host key checking, thus making it not vulnerable to the host key authentication bypass attack.

  • OpenSSH was not vulnerable to uncontrollable X11 forwarding attacks because X11 forwarding is disabled by default and the user can disallow it.

  • OpenSSH has the SSH 1 protocol deficiency that might make an insertion attack difficult but possible. The CORE-SDI deattack mechanism is used to eliminate the common case. Ways of solving this problem are being investigated, since the SSH 1 protocol is not dead yet.

  • OpenSSH was not vulnerable to the "Feb 5, 2001: SSH-1 Brute Force Password Vulnerability", Crimelabs Security Note CLABS200101.

  • OpenSSH was not vulnerable to the "Feb 7, 2001: SSH-1 Session Key Recovery Vulnerability", CORE-SDI Advisory CORE-20010116. OpenSSH imposes limits on the connection rate, making the attack infeasible. Additionally, the Bleichenbacher oracle has been closed completely since January 29, 2001.

  • OpenSSH 2.3.0 and newer are not vulnerable to the "Feb 8, 2001: SSH-1 Daemon CRC32 Compensation Attack Detector Vulnerability", RAZOR Bindview Advisory CAN-2001-0144. A buffer overflow in the CRC32 compensation attack detector can lead to remote root access. This problem has been fixed in OpenSSH 2.3.0. However, versions prior to 2.3.0 are vulnerable.

  • OpenSSH 2.3.1, a development snapshot, is vulnerable to "Feb 8, 2001: Authentication By-Pass Vulnerability in OpenSSH-2.3.1", OpenBSD Security Advisory. In protocol 2, authentication could be bypassed if public key authentication was permitted. This problem exists only in OpenSSH 2.3.1. OpenSSH 2.3.0 and versions newer than 2.3.1 are not vulnerable to this problem.
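
For auditing an inventory of collected server banners against the two version-bound items above, the following is an added example, not code from the OpenSSH project. The function name, result layout and sample banners are assumptions made for illustration, and a banner only reports the upstream version, so vendor-patched builds need separate confirmation.

```python
import re

# SSH identification string: "SSH-<protoversion>-<softwareversion>".
# Both "OpenSSH_" and "OpenSSH-" are accepted as the product prefix.
BANNER_RE = re.compile(r"^SSH-(\d+\.\d+)-OpenSSH[_-](\d+)\.(\d+)(?:\.(\d+))?")

CRC32 = "CRC32 compensation attack detector overflow (versions before 2.3.0)"
AUTH_BYPASS = "protocol 2 public key authentication bypass (2.3.1 only)"


def classify_banner(banner):
    """Map one banner to the version-bound advisories listed on this page.

    Returns None when the banner is not OpenSSH: the page makes no
    statement about other implementations.
    """
    m = BANNER_RE.match(banner.strip())
    if not m:
        return None
    proto = m.group(1)
    version = (int(m.group(2)), int(m.group(3)), int(m.group(4) or 0))
    ssh1_offered = proto.startswith("1.")   # "1.5" or the "1.99" compat banner
    ssh2_offered = proto in ("1.99", "2.0")
    findings = []
    if version < (2, 3, 0):
        findings.append(CRC32)
    # The bypass is in protocol 2; whether public key authentication is
    # permitted cannot be read from the banner and must be checked in the
    # server configuration.
    if version == (2, 3, 1) and ssh2_offered:
        findings.append(AUTH_BYPASS)
    return {"version": version, "ssh1_offered": ssh1_offered,
            "findings": findings}


if __name__ == "__main__":
    # Constructed sample banners, not captured from real hosts.
    samples = [
        "SSH-1.99-OpenSSH_2.2.0",
        "SSH-2.0-OpenSSH_2.3.1",
        "SSH-1.99-OpenSSH_2.3.0p1",
        "SSH-1.5-1.2.27",
    ]
    for line in samples:
        print(line, "->", classify_banner(line))
```
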
    OpenSSH www@openbsd.org
    $OpenBSD: security.html,v 1.11 2001/02/09 04:24:03 provos Exp $