On 25 Mar 2015, at 03:15, Christoph Anton Mitterer <calestyo@xxxxxxxxxxxx> wrote:

> On Wed, 2015-03-25 at 10:26 +1100, Damien Miller wrote:
>> OpenSSH git master now disabled SSH protocol 1 at compile time by
>> default. If you want it back, then you'll need to pass --with-ssh1
>> to configure before you build.
> +1
>
> - People who use SSH are expected to want security (which v1 doesn't
> provide) - people who actually don't want security, shouldn't have used
> SSH in the first place, but could have used rsh, telnet, etc.

+1 for doing it in sshd.

For the client, one issue is that it's not easy for the naive ssh user to tell if the equipment they are using supports ssh2 or just ssh1. For instance, the user currently using an ssh1-supporting ssh client to reach their Cisco router doesn't (as I understand it) get warned if the Cisco router only supports ssh1.

Would one option be for the client to display a (suppressible) 'The server you are connecting to only supports ssh protocol version 1 which is potentially insecure, and for which support will soon be removed - continue (y/n)' type prompt by default? This could continue for a couple of major releases.

--
Alex Bligh
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
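
Added example, not part of the original message and not OpenSSH code: one way an administrator could find the protocol-1-only equipment discussed above is to classify each device's SSH identification string, where `SSH-1.99-` means both protocols are offered and any other `SSH-1.x-` means protocol 1 only (RFC 4253). The function names, host names and banners are assumptions constructed for illustration.

```python
import re

# Identification string: SSH-<protoversion>-<softwareversion> (RFC 4253, section 4.2)
_IDENT = re.compile(r"^SSH-(\d+)\.(\d+)-(\S+)")

def classify_banner(raw: bytes) -> str:
    """Return 'v2', 'v1+v2', 'v1-only' or 'unknown' for a server's first bytes."""
    for line in raw.decode("ascii", "replace").splitlines():
        # A server may send other lines before its identification string; skip them.
        m = _IDENT.match(line)
        if not m:
            continue
        major, minor = int(m.group(1)), int(m.group(2))
        if major >= 2:
            return "v2"
        if (major, minor) == (1, 99):
            return "v1+v2"  # compatibility mode, RFC 4253 section 5.1
        if major == 1:
            return "v1-only"
    return "unknown"

def audit(banners: dict) -> list:
    """Return the sorted hosts whose banner offers protocol 1 only."""
    return sorted(h for h, b in banners.items() if classify_banner(b) == "v1-only")

# Constructed sample banners (not captured from real devices)
SAMPLE = {
    "router.example": b"SSH-1.5-Cisco-1.25\n",
    "switch.example": b"SSH-1.99-Cisco-1.25\r\n",
    "server.example": b"Welcome\r\nSSH-2.0-OpenSSH_6.8\r\n",
    "junk.example": b"220 ftp ready\r\n",
}

if __name__ == "__main__":
    for host in audit(SAMPLE):
        print(f"{host}: only SSH protocol 1 offered, upgrade or replace before it is removed")
```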