Date: Fri, 28 Sep 2001 10:19:48 -0600
From: Nate Williams <nate@yogotech.com>
To: Gregory Neil Shapiro <gshapiro@FreeBSD.org>
Cc: nate@yogotech.com (Nate Williams), cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/crypto/openssh atomicio.h auth-chall.c auth2-chall.c canohost.h clientloop.h groupaccess.c groupaccess.h kexdh.c kexgex.c log.h mac.c mac.h misc.c misc.h pathnames.h
Message-ID: <15284.41764.337979.488670@nomad.yogotech.com>
In-Reply-To: <15284.41365.425727.42065@horsey.gshapiro.net>
References: <200109280133.f8S1Xr363615@freefall.freebsd.org> <20010928015644.N84277-100000@achilles.silby.com> <20010928013527.A8101@xor.obsecurity.org> <15284.36137.254842.551909@nomad.yogotech.com> <15284.40817.364418.89517@horsey.gshapiro.net> <15284.40987.681415.432076@nomad.yogotech.com> <15284.41365.425727.42065@horsey.gshapiro.net>

> >> No, it does make sense to have both.
>
> nate> Not in the client configuration, which I thought was being discussed.
> nate> Or am I confused?
>
> I could be wrong (I assumed the server config).  However, even in the
> client case, could the ssh client be connecting to either a protocol 1 sshd
> or a protocol 2 sshd.  If you list "Protocol 1", attempts to contact a
> protocol 2 only sshd would fail;

Not if you type 'ssh -2'.  I just tried it.

> if you list "Protocol 2", attempts to
> contact a protocol 1 only sshd would fail;

True, but that's because there is no way to force the client to do a
SSH1 connection.  However, the client is capable of supporting ssh v1,
it's just not available to you via the command line.

(Note to developers listening, that would be a good command-line switch
to add, like 'ssh -1'.)

> if you list "Protocol 1,2",
> attempts to contact either a protocol 1 or protocol 2 only server would
> succeed.  Note that these are all assumptions and I should really check the
> code for confirmation but the man page seems to agree:
>
>      Protocol
>              Specifies the protocol versions ssh should support in order of
>              preference.  The possible values are ``1'' and ``2''.  Multiple
>              versions must be comma-separated.  The default is ``1,2''.  This
>              means that ssh tries version 1 and falls back to version 2 if
>              version 1 is not available.

Unfortunately, as people have pointed out, the 'fallback' option doesn't
in fact work, because once a client attempts a particular protocol, it
stays with it even when the handshake fails.

Nate