Hi, Would it be possible for the latest version of OpenSSH (2.5.1 in unstable) to be back-ported to potato and added to proposed updates once it enters testing.
I propose this due to the recent set of ssh vulnerabilities most (all?) of which didn't apply to 2.3.0, and the concerns over the fundamental failings in the ssh1 protocol. Now that the OpenSSH V2 code has been around for a while and RSA is in the public domain, it might be good to begin a transition to ssh2 before a woody release (which will be a few months of at best). I realise that newer is not necessarily better, but the 2.3.0 code has been around for a while (~6 months?), and can probably be trusted if 2.5.1 is consider too new. Disclaimer: I am not a developer. However, I am happy to help implement/test this if hands are needed. Cheers, Steve
