From: Tim Kientzle
Reply-To: kientzle@acm.org
To: current@FreeBSD.ORG
Date: Thu, 24 Oct 2002 10:58:27 -0700
Message-ID: <3DB834C3.8010601@acm.org>
Subject: Re: Request: remove ssh1 fallback

Thus spake Lucky Green:
>> ... remove ssh1 fallback from the default ...

David Schultz wrote:
> Removing SSH 1 ... is going to break compatibility ...

POLA: before breaking compatibility, warn people.

It's simple to modify the ssh client so that it emits a warning message
before downgrading:

    "Warning: switching to less-secure SSH1 protocol"

On the server side, you could certainly log a warning; there may be a way
to notify the connecting user as well. The logged warning could even
include a very brief reference to the setting required to disable SSH1
entirely.

Warnings like this do not break compatibility, but do improve security by
bringing these issues to people's attention.

The usual method: leave these warnings in for a year or two, _then_
disable SSH1 by default.

Of course, if we have to wait for Solaris to catch up, then maybe we need
a ten-year transition. ;-)

Tim Kientzle
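The downgrade decision the post wants surfaced, as an added example that is not part of the original message or of OpenSSH: a model of the client-side protocol-version negotiation driven by the server's identification string. The banner strings and the `client_prefs` tuple (standing in for the ssh_config `Protocol` list) are constructed assumptions for illustration.

```python
# Added example (not from the mailing-list post or OpenSSH): models the
# client-side protocol negotiation the message proposes warning about.
#
# An SSH server announces itself with an identification string such as
# "SSH-1.99-OpenSSH_3.4" (constructed sample). In that string "2.0" means
# SSH-2 only, "1.99" means the server speaks both SSH-1 and SSH-2, and any
# other "1.x" means SSH-1 only. A client whose preference list is (2, 1)
# falls back to SSH-1 when the server offers only 1.x; negotiate() makes
# that fallback explicit and returns the warning text the post suggests.
import re
from typing import Optional, Set, Tuple

BANNER_RE = re.compile(r"^SSH-(\d+)\.(\d+)-(\S+)")

def server_protocols(banner: str) -> Set[int]:
    """Return the set of protocol major versions a server banner offers."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        raise ValueError("not an SSH identification string: %r" % banner)
    major, minor = int(m.group(1)), int(m.group(2))
    if major == 2:
        return {2}
    if major == 1 and minor == 99:      # "SSH-1.99-..." advertises both
        return {1, 2}
    if major == 1:
        return {1}
    raise ValueError("unsupported protocol version %d.%d" % (major, minor))

def negotiate(banner: str,
              client_prefs: Tuple[int, ...] = (2, 1)) -> Tuple[Optional[int], Optional[str]]:
    """Pick the protocol a client with the given preference order would use.

    Returns (chosen_version, warning). warning is set exactly when the
    client preferred SSH-2 but settles for SSH-1, i.e. the silent downgrade
    the post wants reported to the user. A preference list of (2,) models
    disabling SSH-1 entirely: the result is then (None, None), no fallback.
    """
    offered = server_protocols(banner)
    for want in client_prefs:
        if want in offered:
            warn = None
            if want == 1 and client_prefs[0] == 2:
                warn = "Warning: switching to less-secure SSH1 protocol"
            return want, warn
    return None, None                   # no common version: connect fails

if __name__ == "__main__":
    for b in ("SSH-2.0-OpenSSH_3.4", "SSH-1.99-OpenSSH_3.4", "SSH-1.5-OldDaemon"):
        print(b, "->", negotiate(b))
```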