From owner-cvs-all  Fri Sep 28  1:35:34 2001
Delivered-To: cvs-all@freebsd.org
Received: from obsecurity.dyndns.org (adsl-63-207-60-153.dsl.lsan03.pacbell.net [63.207.60.153])
	by hub.freebsd.org (Postfix) with ESMTP
	id C5C3B37B405; Fri, 28 Sep 2001 01:35:27 -0700 (PDT)
Received: by obsecurity.dyndns.org (Postfix, from userid 1000)
	id 6EB5866DD9; Fri, 28 Sep 2001 01:35:27 -0700 (PDT)
Date: Fri, 28 Sep 2001 01:35:27 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: Mike Silbersack <silby@silby.com>
Cc: Brian Feldman <green@FreeBSD.org>, cvs-committers@FreeBSD.org,
	cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/crypto/openssh atomicio.h auth-chall.c auth2-chall.c canohost.h clientloop.h groupaccess.c groupaccess.h kexdh.c kexgex.c log.h mac.c mac.h misc.c misc.h pathnames.h
Message-ID: <20010928013527.A8101@xor.obsecurity.org>
References: <200109280133.f8S1Xr363615@freefall.freebsd.org> <20010928015644.N84277-100000@achilles.silby.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="OgqxwSJOaUobr8KG"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010928015644.N84277-100000@achilles.silby.com>; from silby@silby.com on Fri, Sep 28, 2001 at 01:58:57AM -0500
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG


--OgqxwSJOaUobr8KG
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Sep 28, 2001 at 01:58:57AM -0500, Mike Silbersack wrote:
>=20
> On Thu, 27 Sep 2001, Brian Feldman wrote:
>=20
> >   The only difference between this and what's in -CURRENT is that the
> >   default /etc/ssh/ssh_config sets "Protocol 1,2" for all hosts.  This =
can
> >   be overrided entirely in user ~/.ssh/config files, as always.
>=20
> Are there known compatibility problems with version 2 that this works
> around, or is this just so that people don't get surprised when they need
> to verify a new host key?

If you change the protocol to 2,1 then your version 1 RSA keys won't
be used by default because if the server can speak the ssh2 protocol
then the client will try to auth with SSH2 keys first (which probably
wont be set up to work, or may have different passphrases, etc) and
then fall back to SSH2 password auth.

Kris

--OgqxwSJOaUobr8KG
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE7tDZOWry0BWjoQKURAuIXAJ9QX1RCfBZQePKYQ6w1X1sO7bQIDwCbBNpv
DiBWyxwFfXgN7fJ04CxeZC0=
=JYYz
-----END PGP SIGNATURE-----

--OgqxwSJOaUobr8KG--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message