tags:

views:

149

answers:

2

There seem to be a few good pure Python SSH2 client implementations out there, but I haven't been able to find one for SSH1. Is there some specific reason for this other than lack of interest in such a project? I am fully aware of the many SSH1 vulnerabilities, but a pure Python SSH1 client implementation would still be very useful to those of us who want to write SSH clients to manage older embedded devices which only support SSH1 (Cisco PIX for example). I also know I'm not the only person looking for this.

The reason I'm asking is because I'm bored, and I've been thinking about taking a stab at writing this myself. I've just been hesitant to start, since I know there are a lot of people out there who are much smarter than me, and I figured there might be some reason why nobody has done it yet.

+1  A: 

Well, the main reason probably was that when people started getting interested in such things in VHLLs such as Python, it didn't make sense to them to implement a standard which they themselves would not find useful.

I am not familiar with the protocol differences, but would it be possible for you to adapt an existing codebase to the older protocol?

lfaraone
i doubt it. as far as i know, ssh2 is a complete rewrite of the ssh protocol.
Michael Conigliaro
A: 

SSHv1 was considered deprecated in 2001, so I assume nobody really wanted to put the effort into it. I'm not sure if there's even an rfc for SSH1, so getting the full protocol spec may require reading through old source code.

Since there are known vulnerabilities, it's not much better than telnet, which is almost universally supported on old and/or embedded devices.

JimB
I actually did find an RFC (http://www.snailbook.com/docs/protocol-1.5.txt), but having just learned that Ettercap can apparently decode SSH1 sessions in real time, you make a good point about SSH1 not being much better than telnet. So I guess I have my answer. Thanks.
Michael Conigliaro