I think we require ssh -1 to connect to SSHv1, but this is the sort of
thing that can get automated. I think there's wide consensus on this move
for sshd. The only question is ssh -1, I think.

On Wed, Mar 25, 2015 at 9:46 AM, Alex Bligh <alex@xxxxxxxxxxx> wrote:

>
> On 25 Mar 2015, at 03:15, Christoph Anton Mitterer <calestyo@xxxxxxxxxxxx>
> wrote:
>
> > On Wed, 2015-03-25 at 10:26 +1100, Damien Miller wrote:
> >> OpenSSH git master now disabled SSH protocol 1 at compile time by
> >> default. If you want it back, then you'll need to pass --with-ssh1
> >> to configure before you build.
> > +1
> >
> > - People who use SSH are expected to want security (which v1 doesn't
> > provide) - people who actually don't want security, shouldn't have used
> > SSH in the first place, but could have used rsh, telnet, etc.
>
> +1 for doing it in sshd.
>
> For the client, one issue is that it's not easy for the naive ssh
> user to tell if the equipment they are using supports ssh2 or just
> ssh1. For instance, the user currently using an ssh1-supporting
> ssh client to reach their cisco router doesn't (as I understand it)
> get warned if the cisco router only supports ssh1.
>
> Would one option for the client be to display a (suppressible)
> 'The server you are connecting to only supports ssh protocol
> version 1 which is potentially insecure, and for which
> support will soon be removed - continue (y/n)' type
> prompt by default? This could continue for a couple of major
> releases.
>
> --
> Alex Bligh
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@xxxxxxxxxxx
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
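
The quoted message notes that a user cannot easily tell whether a device offers only protocol 1; the protocol version in the server's identification string answers that. The following is an added example, not code from OpenSSH or from anyone in this thread: the host names and banner bytes are constructed, and `classify_banner` and `audit` are hypothetical helper names.

```python
import re

# Identification line per RFC 4253 section 4.2:
#   SSH-protoversion-softwareversion [SP comments]
IDENT = re.compile(r"^SSH-(\d+)\.(\d+)-(\S+)(?: (.*))?$")

def classify_banner(data: bytes):
    """Return (status, software) for the first bytes a server sends."""
    line = None
    # Servers may send other lines before the identification line; skip them.
    for raw in data.split(b"\n"):
        text = raw.rstrip(b"\r").decode("ascii", errors="replace")
        if text.startswith("SSH-"):
            line = text
            break
    if line is None:
        return ("no-ident", None)
    m = IDENT.match(line)
    if m is None:
        return ("malformed", None)
    major, minor, software = int(m.group(1)), int(m.group(2)), m.group(3)
    if (major, minor) == (1, 99):
        # RFC 4253 section 5.1: 1.99 is protocol 2 with protocol 1 compatibility.
        return ("v1-and-v2", software)
    if major >= 2:
        return ("v2-only", software)
    return ("v1-only", software)

def audit(banners: dict) -> dict:
    """Group hosts by status so v1-only devices are found before an upgrade."""
    report = {}
    for host, data in sorted(banners.items()):
        status, _ = classify_banner(data)
        report.setdefault(status, []).append(host)
    return report

# Constructed sample banners (hypothetical hosts, not captured from real devices).
SAMPLE = {
    "router-a.example": b"SSH-1.5-Cisco-1.25\r\n",
    "router-b.example": b"SSH-1.99-Cisco-1.25\r\n",
    "server-c.example": b"Authorized use only\r\nSSH-2.0-OpenSSH_6.8\r\n",
    "device-d.example": b"220 ftp ready\r\n",
}

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as `v1-only` are the ones that would become unreachable with a client built without `--with-ssh1`; `v1-and-v2` hosts stay reachable but still have protocol 1 enabled on the server side.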