Date:      Wed, 23 Oct 2002 12:09:13 -0700
From:      "Lucky Green" <shamrock@cypherpunks.to>
To:        <freebsd-current@FreeBSD.ORG>
Subject:   RE: Request: remove ssh1 fallback
Message-ID:  <008401c27ac7$ae3c8e80$6501a8c0@VAIO650>
In-Reply-To: <20021023161643.GA7813@HAL9000.homeunix.com>

David wrote:
> Thus spake Steven Ames <steve@virtual-voodoo.com>:
> > > Making SSH 2 the default is one thing.  Removing SSH 1 as a fallback
> > > altogether is going to break compatibility with other systems like
> > > you'd never believe.  For example, I regularly need to SSH into
> > > Solaris boxen running SSH 1.  These machines aren't secure anyway,
> > > and since there's nothing I can do about it, I don't want any
> > > surprises when I upgrade.
> >
> > I think he was suggesting removing it from the sshd server, not the
> > client. You can always specify the protocol on the command line with
> > the client even if it didn't fall back... and again he's suggesting it
> > for the default configuration, you can always change the
> > configuration. I'm not necessarily for this change I just want to be
> > sure what change is being suggested :)
> 
> In either case, you break compatibility.  Say I wanted to SSH 
> from those Solaris boxen to my home machine, for example.  (I 
> don't, but that's not the point.)  If my SSH server didn't 
> have the SSH 1 fallback, there's nothing I could do from the 
> command line to allow me to log in.

My apologies if my request was unclear: I am indeed only proposing to
remove ssh1 fallback mode from the default configuration file of sshd,
not from the default configuration of the ssh client. This change would
not impact any users of existing FreeBSD installations as client or
server. If somebody installs a fresh installation of FreeBSD 5.0 on a
machine it would out-of-the-box support login by ssh2 only. Anybody that
wishes to enable ssh1 on this fresh install remains able to do so. An
upgrade shouldn't break your ssh settings regardless.

Yes, this change would, out of the box, potentially come as a noticeable
surprise for a small number of users: a user that needs to be able to
log into a 5.0 box from a machine on which ssh2 is not available would
manually need to enable ssh1 login in their sshd_config file. But I
would argue that permitting ssh1 login into a machine should be a
conscious act taken by the administrator by editing the config file, not
something that a distribution should enable by default in a new install.

Hope that helps somewhat clarify the scope of my request,
--Lucky Green
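
An audit check for the setting discussed in the message above, as an added example that is not part of the original e-mail or of FreeBSD. It assumes the `Protocol` keyword of sshd_config in OpenSSH releases of that period, a built-in default of "2,1" when the keyword is absent, and first-occurrence-wins parsing; the sample configs are constructed.

```shell
#!/bin/sh
# Added example, not from the original e-mail. Assumes the "Protocol"
# keyword of sshd_config in OpenSSH of that period, a built-in default of
# "2,1" when the keyword is absent, and first-occurrence-wins parsing.

# ssh_protocols FILE: print the effective Protocol value, e.g. "2" or "2,1".
ssh_protocols() {
    awk -F'[ \t=]+' '
        { sub(/^[ \t]+/, "") }              # drop leading whitespace, re-split
        /^#/ || NF == 0 { next }            # skip comments and blank lines
        tolower($1) == "protocol" && !seen { seen = 1; print $2 }
        END { if (!seen) print "2,1" }      # assumed built-in default
    ' "$1"
}

# ssh1_enabled FILE: succeed (exit 0) if the server would accept protocol 1.
ssh1_enabled() {
    case ",$(ssh_protocols "$1")," in
        *,1,*) return 0 ;;
        *)     return 1 ;;
    esac
}

# Constructed sample configs: fallback enabled, ssh2 only, keyword absent.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '# constructed sample' 'Port 22' 'Protocol 2,1' > "$tmp/fallback"
printf '%s\n' 'Port 22' '#Protocol 2,1' 'protocol 2' 'Protocol 1' > "$tmp/ssh2only"
printf '%s\n' 'Port 22' 'PermitRootLogin no' > "$tmp/absent"

for f in fallback ssh2only absent; do
    if ssh1_enabled "$tmp/$f"; then
        echo "$f: ssh1 login ENABLED (Protocol $(ssh_protocols "$tmp/$f"))"
    else
        echo "$f: ssh2 only (Protocol $(ssh_protocols "$tmp/$f"))"
    fi
done
```

The "absent" case shows why the shipped default matters: a config file that never mentions the keyword still accepts ssh1 under the assumed built-in default.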






