Cameron Simpson wrote: > Actually a modern ssh will get ssh2 keys from authorized_keys. To > lock it down you should specify "Protocol 2" in the sshd_config > file, thus forbidding ssh1 in the sshd config, and not by luck with > the key file. FWIW, this has been the default in openssh for a bit over a year now. The sshd_config that is shipped in Fedora's packages contains this: # Disable legacy (protocol version 1) support in the server for new # installations. In future the default will change to require explicit # activation of protocol 1 Protocol 2 The upstream openssh change was made in this commit: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config.diff?r1=1.74&r2=1.75 -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ It is better to weep with wise men than to laugh with fools. -- Spanish Proverb
Attachment:
pgpHsDVicTlx5.pgp
Description: PGP signature
-- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list