Leroy Tennison leroy.tennison at
Thu Oct 28 18:54:45 UTC 2021

Under "Notes:" for Seth Arnold makes a reference to "openssh-ssh1", does this CVE only apply to version 1 of openssh?  The reason I ask is that we have a PCI environment and our scanning vendor has noted us as non-compliant because of this CVE.  I understand there is disagreement about the severity of the CVE but we need an answer and Seth hasn't provided a public email address.  If the CVE applies only to ssh version 1 then we have an answer.
A related question, would using a certificate-based ssh configuration avoid this issue?
Thanks for your help.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the ubuntu-server mailing list