Re: FYI: SSH1 now disabled at compile-time by default

I think we require ssh -1 to connect to SSHv1, but this is the sort of
thing that can get automated.

I think there's wide consensus on this move for sshd.  The only question is
ssh -1, I think.

On Wed, Mar 25, 2015 at 9:46 AM, Alex Bligh <alex@xxxxxxxxxxx> wrote:

>
> On 25 Mar 2015, at 03:15, Christoph Anton Mitterer <calestyo@xxxxxxxxxxxx>
> wrote:
>
> > On Wed, 2015-03-25 at 10:26 +1100, Damien Miller wrote:
> >> OpenSSH git master now disabled SSH protocol 1 at compile time by
> >> default. If you want it back, then you'll need to pass --with-ssh1
> >> to configure before you build.
> > +1
> >
> > - People who use SSH are expected to want security (which v1 doesn't
> > provide) - people who actually don't want security, shouldn't have used
> > SSH in the first place, but could have used rsh, telnet, etc.
>
> +1 for doing it in sshd.
>
> For the client, one issue is that it's not easy for the naive ssh
> user to tell if the equipment they are using supports ssh2 or just
> ssh1. For instance, the user currently using an ssh1-supporting
> ssh client to reach their cisco router doesn't (as I understand it)
> get warned if the cisco router only supports ssh1.
>
> Would one option for the client be to display a (suppressible)
> 'The server you are connecting to only supports ssh protocol
> version 1 which is potentially insecure, and for which
> support will soon be removed - continue (y/n)' type
> prompt by default? This could continue for a couple of major
> releases.
>
> --
> Alex Bligh
>
>
>
>
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@xxxxxxxxxxx
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>
>
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
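Added example, not part of the original thread and not OpenSSH code: one way to automate the check discussed above is to read each device's SSH identification string and flag the ones that offer only protocol 1 (RFC 4253 reserves "1.99" for servers that speak both 1.x and 2.0). The function names and the sample banners are constructed for illustration.

```python
import re
import socket

# Identification line: "SSH-<protoversion>-<softwareversion>[ comments]"
IDENT = re.compile(rb"^SSH-(\d+)\.(\d+)-(\S+)")


def classify_banner(raw: bytes) -> str:
    """Classify the identification data a server sends on connect."""
    for line in raw.splitlines():
        m = IDENT.match(line)
        if not m:
            continue  # a v2 server may send other text lines before its ident
        major, minor = int(m.group(1)), int(m.group(2))
        if major >= 2:
            return "ssh2"
        if (major, minor) == (1, 99):
            return "ssh1+ssh2"  # compatibility marker: also speaks 2.0
        return "ssh1-only"
    return "not-ssh"


def read_banner(host: str, port: int = 22, timeout: float = 5.0) -> bytes:
    """Read the server's ident line without authenticating."""
    buf = b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        # Stop once a complete line starting with "SSH-" has arrived.
        while len(buf) < 4096 and not any(
            l.startswith(b"SSH-") for l in buf.split(b"\n")[:-1]
        ):
            chunk = s.recv(256)
            if not chunk:
                break
            buf += chunk
    return buf


def ssh1_only_hosts(banners: dict) -> list:
    """Return the hosts whose banner shows no protocol 2 support."""
    return sorted(h for h, b in banners.items()
                  if classify_banner(b) == "ssh1-only")


# Constructed sample banners (not captured from real devices).
SAMPLE = {
    "router-a": b"SSH-1.5-Cisco-1.25\n",
    "router-b": b"SSH-1.99-Cisco-1.25\n",
    "server-c": b"Maintenance notice\r\nSSH-2.0-OpenSSH_6.8\r\n",
    "device-d": b"220 ftp ready\r\n",
}

if __name__ == "__main__":
    for host in ssh1_only_hosts(SAMPLE):
        print(f"{host}: offers SSH protocol 1 only")
```

For a live inventory, build the dictionary with read_banner() over your own device list instead of SAMPLE.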



