Date: Fri, 28 Sep 2001 07:58:38 -0400 (EDT) From: Robert Watson <rwatson@FreeBSD.org> To: Kris Kennaway <kris@obsecurity.org> Cc: Mike Silbersack <silby@silby.com>, Brian Feldman <green@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/crypto/openssh atomicio.h auth-chall.c auth2-chall.c canohost.h clientloop.h groupaccess.c groupaccess.h kexdh.c kexgex.c log.h mac.c mac.h misc.c misc.h pathnames.h Message-ID: <Pine.NEB.3.96L.1010928075707.31337C-100000@fledge.watson.org> In-Reply-To: <20010928013527.A8101@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 28 Sep 2001, Kris Kennaway wrote: > On Fri, Sep 28, 2001 at 01:58:57AM -0500, Mike Silbersack wrote: > > > > On Thu, 27 Sep 2001, Brian Feldman wrote: > > > > > The only difference between this and what's in -CURRENT is that the > > > default /etc/ssh/ssh_config sets "Protocol 1,2" for all hosts. This can > > > be overrided entirely in user ~/.ssh/config files, as always. > > > > Are there known compatibility problems with version 2 that this works > > around, or is this just so that people don't get surprised when they need > > to verify a new host key? > > If you change the protocol to 2,1 then your version 1 RSA keys won't > be used by default because if the server can speak the ssh2 protocol > then the client will try to auth with SSH2 keys first (which probably > wont be set up to work, or may have different passphrases, etc) and > then fall back to SSH2 password auth. For a while I was having a problem where different versions of SSH displayed different key fingerprints for the same RSA key (possibly it depends on the protocol used?). I may have misunderstood the problem, but if this does exist, has it been resolved? Also, any hope of agent forwarding working with protocol 2 someday? Robert N M Watson FreeBSD Core Team, TrustedBSD Project robert@fledge.watson.org NAI Labs, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1010928075707.31337C-100000>