SSH Communications Security Information for VU#973635
Some SSH servers on Microsoft Windows set insecure permissions for the host identification key file
- Vendor Information Help Date Notified:
- Statement Date:
- Date Updated: 18 Jul 2005
- SSH Secure Shell for Windows Servers (all versions)
- SSH Tectia Server (Windows) 4.3.1 and older versions
1a) Update the SSH Tectia Server For Windows installation to version 4.3.2, or
1b) Manually make the hostkey file readable only for Administrator group. Default location of file may have been modified in server configuration.
However, the default location of the secret part of the host key is
C:\Program Files\SSH Communications Security\SSH Secure Shell Server\hostkey
and optionally in systems, that were upgraded
2) Generate a new hostkey for system. Caution! The changed hostkey causes warning in clients connecting to the system.
The vendor has not provided us with any further information regarding this vulnerability.
Because the hostkey may have been comprised, we also suggest that you create a new hostkey for the system.
If you have feedback, comments, or additional information about this vulnerability, please send us email.