Date:      Mon, 8 Jul 2002 23:21:47 -0400
From:      Zvezdan Petkovic <zvezdan@CS.WM.EDU>
To:        security@FreeBSD.ORG
Subject:   Re: Default ssh protocol in -STABLE [was: HEADS UP: FreeBSD-STABLE now has OpenSSH 3.4p1]
Message-ID:  <20020708232147.A22605@dali.cs.wm.edu>
In-Reply-To: <20020708152038.D84324-100000@zoot.corp.yahoo.com>; from DougB@FreeBSD.ORG on Mon, Jul 08, 2002 at 03:24:55PM -0700
References:  <20020708141630166.AAA962@empty1.ekahuna.com@pc02.ekahuna.com> <20020708152038.D84324-100000@zoot.corp.yahoo.com>

On Mon, Jul 08, 2002 at 03:24:55PM -0700, Doug Barton wrote:
> On Mon, 8 Jul 2002, Philip J. Koenig wrote:
> 
> Also, as you pointed out, wonky mail configurations are a problem I can
> fix, because I can log into the box. Not being able to log into the box is
> a whole other can of worms.
> 

OK, we buy into your reasons of release engineering for keeping v1 the
default. But please, do not exaggerate. Making v2 default wouldn't make
a login to a box impossible. That's a ridiculous claim.

It would just ignore your authorized ssh1 key and ask you for the
password. That is bad for scripts if a sysadmin is too lazy to run
	echo "	Protocol 1,2" >>/etc/ssh/ssh_config
over all machines that use those scripts. I understand your wish to keep
life easy for such people.

But I do not understand or approve of the exaggeration in order to market
your opinion better.

Let me repeat: Making v2 the default in the config file (it is already
the default in the binary) would break only the scripts relying on the
authorized ssh1 keys, _nothing_ else. You'd certainly be able to log
into your box and fix the things.

You think it's better to keep v1 the default in 4.x? Fine with me.
But don't make oversimplified and misleading claims, please.

-- 
Zvezdan Petkovic <zvezdan@cs.wm.edu>
http://www.cs.wm.edu/~zvezdan/
