Date:      Thu, 24 Oct 2002 10:58:27 -0700
From:      Tim Kientzle <kientzle@acm.org>
To:        current@FreeBSD.ORG
Subject:   Re: Request: remove ssh1 fallback
Message-ID:  <3DB834C3.8010601@acm.org>
References:  <bulk.29405.20021024004250@hub.freebsd.org>

Thus spake Lucky Green <shamrock@cypherpunks.to>:
>>... remove ssh1 fallback from the default ...

David Schultz <dschultz@uclink.Berkeley.EDU> wrote:
> Removing SSH 1 ... is going to break compatibility ...


POLA: before breaking compatibility, warn people.
It's simple to modify the ssh client so that it
emits a warning message before downgrading:

"Warning: switching to less-secure SSH1 protocol"

On the server side, you could certainly log
a warning; there may be a way to notify the
connecting user as well.  The logged warning
could even include a very brief reference to
the setting required to disable SSH1 entirely.

Warnings like this do not break compatibility,
but do improve security by bringing these issues
to people's attention.  The usual method: leave
these warnings in for a year or two, _then_
disable SSH1 by default.  Of course, if
we have to wait for Solaris to catch up, then
maybe we need a ten-year transition.  ;-)

Tim Kientzle
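
The client-side warning proposed in the message above, sketched as an added example; it is not part of the original e-mail and is not OpenSSH code. It assumes the client decides from the server's identification string, where a `1.99` version marks a server that speaks both protocols; the function names and sample banners are constructed for illustration.

```python
import re

# Identification string sent by each side: "SSH-<major>.<minor>-<software> [comments]"
_BANNER = re.compile(r"^SSH-(\d+)\.(\d+)-\S+")

# Warning text taken from the message above.
WARNING = "Warning: switching to less-secure SSH1 protocol"


def server_protocols(banner):
    """Return the set of protocol major versions a server banner advertises."""
    m = _BANNER.match(banner.strip())
    if not m:
        raise ValueError("not an SSH identification string: %r" % banner)
    major, minor = int(m.group(1)), int(m.group(2))
    if major == 2:
        return {2}
    if major == 1:
        # "1.99" is the compatibility marker: the server speaks both 1 and 2.
        return {1, 2} if minor == 99 else {1}
    raise ValueError("unknown protocol version in %r" % banner)


def negotiate(banner, client_order=(2, 1)):
    """Pick the first protocol in the client's preference order that the
    server offers; return (protocol or None, warning or None)."""
    offered = server_protocols(banner)
    for proto in client_order:
        if proto in offered:
            return proto, (WARNING if proto == 1 else None)
    return None, None  # no common protocol: the connection is refused


if __name__ == "__main__":
    # Constructed sample banners, not captured from real hosts.
    for banner in ("SSH-2.0-ExampleSSH_3.5\r\n",
                   "SSH-1.99-ExampleSSH_3.5\r\n",
                   "SSH-1.5-ExampleSSH_1.2\r\n"):
        proto, warning = negotiate(banner)
        print(banner.strip(), "->", proto, warning or "")
```

Passing `client_order=(2,)` models the end state the thread asks for: an SSH1-only server then yields no common protocol instead of a silent fallback.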




