Message-ID: <3DB6EC40.15B858B9@mindspring.com>
Date: Wed, 23 Oct 2002 11:36:48 -0700
From: Terry Lambert
To: Steven Ames
Cc: David Schultz, Lucky Green, freebsd-current@FreeBSD.ORG
Subject: Re: Request: remove ssh1 fallback

Steven Ames wrote:
> > Thus spake Lucky Green:
> > > I therefore believe that the 5.0 release represents a perfect
> > > opportunity to remove ssh1 fallback from the default distribution of
> > > FreeBSD and hope the FreeBSD team will consider this change.
> >
> > Making SSH 2 the default is one thing. Removing SSH 1 as a
> > fallback altogether is going to break compatibility with other
> > systems like you'd never believe. For example, I regularly need
> > to SSH into Solaris boxen running SSH 1. These machines aren't
> > secure anyway, and since there's nothing I can do about it, I
> > don't want any surprises when I upgrade.
>
> I think he was suggesting removing it from the sshd server, not
> the client. You can always specify the protocol on the command
> line with the client even if it didn't fall back... and again he's
> suggesting it for the default configuration, you can always change
> the configuration. I'm not necessarily for this change I just want
> to be sure what change is being suggested :)

What if the client machine is a SSH1 Solaris (or Windows) box
going into a FreeBSD rackmount?

It should *at least* be available as a command line option to
the daemon; since some boxes *don't have* consoles at all, it
would have the same effect of turning them into a doorstop to
disable this flag, once it's available, by default (right now,
it just provides both).

The problem with interoperability is that it's not unidirectional.

-- Terry