On Fri, Feb 19, 2016 at 7:35 PM, Mantas Mikulėnas <grawity@xxxxxxxxx> wrote: [...] > Also, I assume the scary key generation warning in sshd's manpage only > applies to protocol 1? Yes. Protocol 2 uses Diffie-Hellman to create the session key and does not need an ephemeral server key. Damien added some text about 6 months ago to clarify, it currently reads "If SSH protocol 1 is enabled, sshd should not normally be run from inetd..." -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev