Re: FYI: SSH1 now disabled at compile-time by default


 



On 25 Mar 2015, at 03:15, Christoph Anton Mitterer <calestyo@xxxxxxxxxxxx> wrote:

> On Wed, 2015-03-25 at 10:26 +1100, Damien Miller wrote: 
>> OpenSSH git master now disabled SSH protocol 1 at compile time by
>> default. If you want it back, then you'll need to pass --with-ssh1
>> to configure before you build.
> +1
> 
> - People who use SSH are expected to want security (which v1 doesn't
> provide) - people who actually don't want security, shouldn't have used
> SSH in the first place, but could have used rsh, telnet, etc.

+1 for doing it in sshd.

For the client, one issue is that it's not easy for the naive ssh
user to tell if the equipment they are using supports ssh2 or just
ssh1. For instance, the user currently using an ssh1-supporting
ssh client to reach their cisco router doesn't (as I understand it)
get warned if the cisco router only supports ssh1.

Would one option for the client be to display a (suppressible)
'The server you are connecting to only supports ssh protocol
version 1 which is potentially insecure, and for which
support will soon be removed - continue (y/n)' type
prompt by default? This could continue for a couple of major
releases.

-- 
Alex Bligh
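
The following is an added example, not part of the original message or of OpenSSH: a way to tell, before any client upgrade, which devices offer only protocol 1, by classifying the identification string a server sends at connect time (RFC 4253 sections 4.2 and 5.1). The host names and greeting bytes are constructed sample data, and `classify_ident` and `needs_attention` are hypothetical helper names.

```python
import re

# Identification string format: SSH-protoversion-softwareversion [comments]
_IDENT = re.compile(rb"^SSH-(\d+)\.(\d+)-\S+")

def classify_ident(raw: bytes) -> str:
    """Classify a server greeting as 'ssh2-only', 'ssh1-and-ssh2',
    'ssh1-only' or 'unknown'."""
    # A server may send other text lines before its identification
    # string, so scan for the first line that starts with "SSH-".
    for line in raw.splitlines():
        m = _IDENT.match(line)
        if not m:
            continue
        major, minor = int(m.group(1)), int(m.group(2))
        if major >= 2:
            return "ssh2-only"
        if (major, minor) == (1, 99):
            # 1.99 marks a protocol 2 server that also accepts protocol 1.
            return "ssh1-and-ssh2"
        return "ssh1-only"
    return "unknown"

def needs_attention(greetings: dict) -> list:
    """Return (host, class) pairs for every host that is not ssh2-only."""
    flagged = []
    for host, raw in sorted(greetings.items()):
        cls = classify_ident(raw)
        if cls != "ssh2-only":
            flagged.append((host, cls))
    return flagged

# Constructed sample greetings, as they would be read from port 22.
SAMPLES = {
    "router-a.example": b"SSH-1.5-Cisco-1.25\r\n",
    "router-b.example": b"SSH-1.99-Cisco-1.25\r\n",
    "server-c.example": b"Authorized use only\r\nSSH-2.0-OpenSSH_6.8\r\n",
    "mail-d.example": b"220 mail-d.example ESMTP\r\n",
}

if __name__ == "__main__":
    for host, cls in needs_attention(SAMPLES):
        print(f"{host}: {cls}")
```

Hosts reported as `ssh1-only` are the ones that would become unreachable from a client built without `--with-ssh1`; `ssh1-and-ssh2` hosts stay reachable but still accept the old protocol from other clients.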





_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
