Date: Wed, 27 Mar 2002 11:01:00 -0500
From: Tom Rhodes <darklogik@pittgoth.com>
To: Michael Lucas <mwlucas@blackhelicopters.org>
Cc: dan@tangledhelix.com, freebsd-security@FreeBSD.ORG
Subject: Re: It's time for those 2048-, 3072-, and 4096-bit keys?
Message-ID: <20020327110100.6d638389.darklogik@pittgoth.com>
In-Reply-To: <20020327074236.B86929@blackhelicopters.org>
References: <20020326185714.F22539@mail.webmonster.de>
    <20020326182003.F15545-100000@patrocles.silby.com>
    <20020326181634.A919@lothlorien.tangledhelix.net>
    <20020327074236.B86929@blackhelicopters.org>

On Wed, 27 Mar 2002 07:42:36 -0500
Michael Lucas <mwlucas@blackhelicopters.org> wrote:

> On Tue, Mar 26, 2002 at 06:16:34PM -0500, Dan Lowe wrote:
> > Previously, Mike Silbersack wrote:
> > >
> > > Yes, upgrading clients to v2 would be best. However, I don't
> > > think that locking out v1 users would be the best way to achieve
> > > that. The most likely result of doing so would be people
> > > falling back to telnet.
> >
> > On a system where security is of any concern whatsoever, why would
> > telnet be available in the first place?
>
> I just dealt with a group of "senior" admins here in Detroit who
> weren't familiar with the problems of telneting to their Ciscos.
> Ethereal was quite the shock to them. :-)
>
> It's taken us years to basically scrub telnet off the map, and it's
> still not gone. SSHv1 is far better than telnet, and there are any
> number of v1 clients still out there. Please don't make it any
> harder than it absolutely has to be.
>
> Perhaps a comment in the file, "we recommend using v2 whenever
> possible", so people stumble across it frequently even if they don't
> bother reading the docs?

How about a nice addition to the ssh manual pages just because I do not
think they describe things well enough. For instance, when I first
started using scp(1), I fought like hell before I figured it out. I do
not feel the manual page had a clear description of how to use scp(1).
It did, however, cover the options well... I think that it should
describe how to use protocol 2, I also think it should point you to a
reference of the use options. Opinions?

>
> ==ml
>
> --
> Michael Lucas mwlucas@FreeBSD.org, mwlucas@BlackHelicopters.org
> my FreeBSD column: http://www.oreillynet.com/pub/q/Big_Scary_Daemons
>
> http://www.blackhelicopters.org/~mwlucas/
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

--
Tom (Darklogik) Rhodes
www.FreeBSD.org -The Power To Serve
www.Pittgoth.com -Pittgoth Discussion Portal
trhodes@ {Pittgoth.com, FreeBSD.org}