Date: Wed, 27 Mar 2002 16:02:45 +0000
From: Ceri <setantae@submonkey.net>
To: Tom Rhodes <darklogik@pittgoth.com>
Cc: Michael Lucas <mwlucas@blackhelicopters.org>, dan@tangledhelix.com, freebsd-security@FreeBSD.ORG
Subject: Re: It's time for those 2048-, 3072-, and 4096-bit keys?
Message-ID: <20020327160245.GA60990@submonkey.net>
In-Reply-To: <20020327110100.6d638389.darklogik@pittgoth.com>
References: <20020326185714.F22539@mail.webmonster.de>
    <20020326182003.F15545-100000@patrocles.silby.com>
    <20020326181634.A919@lothlorien.tangledhelix.net>
    <20020327074236.B86929@blackhelicopters.org>
    <20020327110100.6d638389.darklogik@pittgoth.com>
On Wed, Mar 27, 2002 at 11:01:00AM -0500, Tom Rhodes wrote:
> On Wed, 27 Mar 2002 07:42:36 -0500
> Michael Lucas <mwlucas@blackhelicopters.org> wrote:
>
> > On Tue, Mar 26, 2002 at 06:16:34PM -0500, Dan Lowe wrote:
> > > Previously, Mike Silbersack wrote:
> > > >
> > > > Yes, upgrading clients to v2 would be best. However, I don't
> > > > think that locking out v1 users would be the best way to achieve
> > > > that. The most likely result of doing so would be people
> > > > falling back to telnet.
> > >
> > > On a system where security is of any concern whatsoever, why would
> > > telnet be available in the first place?
> >
> > I just dealt with a group of "senior" admins here in Detroit who
> > weren't familiar with the problems of telneting to their Ciscos.
> > Ethereal was quite the shock to them. :-)
> >
> > It's taken us years to basically scrub telnet off the map, and it's
> > still not gone. SSHv1 is far better than telnet, and there are any
> > number of v1 clients still out there. Please don't make it any
> > harder than it absolutely has to be.
> >
> > Perhaps a comment in the file, "we recommend using v2 whenever
> > possible", so people stumble across it frequently even if they don't
> > bother reading the docs?
>
> How about a nice addition to the ssh manual pages just because I do
> not think they describe things well enough. For instance, when I
> first started using scp(1), I fought like hell before I figured it
> out. I do not feel the manual page had a clear description of how
> to use scp(1). It did, however, cover the options well... I think
> that it should describe how to use protocol 2, I also think it should
> point you to a reference of the use options.

I think the scp(1) manpages are clear enough, to be honest.
I mean, the syntax is essentially just a mix between cp(1) and ssh(1),
except that it treats a destination filename containing a ':' as a
hostname:path combination.
I can even tab-complete with scp over the network (and so could you,
with the correct tcsh incantations).

I would imagine that any problems you had with scp(1) were more rooted
in the "getting my key working" area than with actually typing

    # scp foo wibble quux host.example.com:/tmp

Surely?

Therefore perhaps we just need a doc on how to get keys working (and I'm
not convinced we need that, but I've been using ssh for a long time).

Ceri

-- 
keep a mild groove on