Sorry if this is already a known issue.

When the vulnerabilities in ssh-1.xx were publicised, we upgraded to ssh-2.xx on our machines. The process for ssh version 2.xx does NOT erase sshd1 from /usr/local/sbin, and if an incoming client is still running the old ssh version 1, sshd2 will hand off control to /usr/local/sbin/sshd1 (of course, this can be disabled).

It appears that if your old sshd from version 1 was vulnerable before installing ssh version 2, YOU ARE STILL VULNERABLE.

We have information that this problem is currently being actively exploited, and scans for vulnerable machines are being conducted. Messages such as the following (note: sshd, not sshd2) indicate that a scan may be in progress:

    sshd[6169]: fatal: Local: Corrupted check bytes on input.
    sshd[6253]: fatal: Local: crc32 compensation attack: network attack detected
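The two checks the post describes, as an added example that is not part of the original post: count the quoted messages only when they come from the process tag sshd (not sshd2), and test whether an sshd1 binary is still installed. The function names, the syslog-style timestamps and the host name in the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: detect the messages quoted in the post and a leftover sshd1.

# sample_log: constructed syslog lines. The first two carry the messages from
# the post; the sshd2 lines are constructed negative controls.
sample_log() {
    cat <<'EOF'
Jan  1 03:12:01 host1 sshd[6169]: fatal: Local: Corrupted check bytes on input.
Jan  1 03:12:04 host1 sshd[6253]: fatal: Local: crc32 compensation attack: network attack detected
Jan  1 03:12:09 host1 sshd2[6301]: connection accepted
Jan  1 03:13:00 host1 sshd2[6310]: fatal: Local: Corrupted check bytes on input.
EOF
}

# count_sshd1_alerts [FILE...]: print how many lines carry either message and
# were logged by "sshd[PID]:" exactly. Reads stdin when no file is given.
count_sshd1_alerts() {
    awk '
        # The tag must be "sshd[" at line start or after a space, so that
        # "sshd2[PID]:" never matches.
        match($0, /(^| )sshd\[[0-9]+\]: /) {
            msg = substr($0, RSTART + RLENGTH)
            if (msg ~ /^fatal: Local: Corrupted check bytes on input/ ||
                msg ~ /^fatal: Local: crc32 compensation attack: network attack detected/)
                n++
        }
        END { print n + 0 }
    ' "$@"
}

# sshd1_present DIR: succeed if an executable sshd1 is still installed in DIR
# (the post names /usr/local/sbin).
sshd1_present() {
    [ -x "$1/sshd1" ]
}

# Stand-alone use: pass one or more log files as arguments.
if [ "$#" -gt 0 ]; then
    echo "sshd (v1) scan messages: $(count_sshd1_alerts "$@")"
    if sshd1_present /usr/local/sbin; then
        echo "sshd1 is still present in /usr/local/sbin"
    fi
fi
```

Run it against whichever file your syslog configuration writes sshd messages to; that path varies by system and is not given in the post.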