From: Nate Williams
Date: Fri, 28 Sep 2001 10:19:48 -0600
To: Gregory Neil Shapiro
Cc: nate@yogotech.com (Nate Williams), cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/crypto/openssh atomicio.h auth-chall.c auth2-chall.c canohost.h clientloop.h groupaccess.c groupaccess.h kexdh.c kexgex.c log.h mac.c mac.h misc.c misc.h pathnames.h
Message-ID: <15284.41764.337979.488670@nomad.yogotech.com>
In-Reply-To: <15284.41365.425727.42065@horsey.gshapiro.net>

> >> No, it does make sense to have both.
>
> nate> Not in the client configuration, which I thought was being discussed.
> nate> Or am I confused?
>
> I could be wrong (I assumed the server config).  However, even in the
> client case, could the ssh client be connecting to either a protocol 1 sshd
> or a protocol 2 sshd.  If you list "Protocol 1", attempts to contact a
> protocol 2 only sshd would fail;

Not if you type 'ssh -2'.  I just tried it.

> if you list "Protocol 2", attempts to
> contact a protocol 1 only sshd would fail;

True, but that's because there is no way to force the client to do a
SSH1 connection.  However, the client is capable of supporting ssh v1,
it's just not available to you via the command line.

(Note to developers listening, that would be a good command-line switch
to add, like 'ssh -1'.)

> if you list "Protocol 1,2",
> attempts to contact either a protocol 1 or protocol 2 only server would
> succeed.  Note that these are all assumptions and I should really check the
> code for confirmation but the man page seems to agree:
>
>      Protocol
>              Specifies the protocol versions ssh should support in order of
>              preference.  The possible values are ``1'' and ``2''.  Multiple
>              versions must be comma-separated.  The default is ``1,2''.  This
>              means that ssh tries version 1 and falls back to version 2 if
>              version 1 is not available.

Unfortunately, as people have pointed out, the 'fallback' option doesn't
in fact work, because once a client attempts a particular protocol, it
stays with it even when the handshake fails.

Nate
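
Added example (not part of the original message and not OpenSSH source): a simplified model of a client choosing the protocol version once, from the server's identification banner, for each "Protocol" value discussed above. The function and type names are hypothetical, the banners are constructed, and it assumes the convention that a server announcing "SSH-1.99" accepts both versions.

```c
#include <stdio.h>

enum { P1 = 1, P2 = 2 };        /* hypothetical names, not OpenSSH identifiers */
struct proto_pref { int allowed; int first; };  /* bitmask; version listed first */

/* Parse a Protocol value: "1", "2", "1,2" or "2,1". Returns 0 on success. */
int parse_protocol(const char *val, struct proto_pref *out)
{
    out->allowed = out->first = 0;
    for (const char *p = val; *p; p++) {
        if (*p == ',' || *p == ' ')
            continue;
        if (*p != '1' && *p != '2')
            return -1;
        int v = (*p == '1') ? P1 : P2;
        if (!out->first)
            out->first = v;
        out->allowed |= v;
    }
    return out->allowed ? 0 : -1;
}

/* Choose once, from the server banner. Returns 1, 2, or -1 (mismatch).
 * Nothing here retries with the other version if the handshake later fails. */
int choose_version(const char *banner, const struct proto_pref *pref)
{
    int major, minor;
    if (sscanf(banner, "SSH-%d.%d-", &major, &minor) != 2)
        return -1;
    if (major == 1 && minor == 99 && (pref->allowed & P2) && pref->first != P1)
        return 2;                               /* server offers both, 2 preferred */
    if (major == 1)
        return (pref->allowed & P1) ? 1 : -1;   /* 1.x, or 1.99 with 1 preferred */
    if (major == 2)
        return (pref->allowed & P2) ? 2 : -1;
    return -1;
}

int negotiate(const char *protocol_value, const char *banner)
{
    struct proto_pref pref;
    return parse_protocol(protocol_value, &pref) ? -1 : choose_version(banner, &pref);
}

int main(void)
{
    const char *cfg[] = { "1", "2", "1,2", "2,1" };
    const char *srv[] = { "SSH-1.5-constructed", "SSH-1.99-constructed", "SSH-2.0-constructed" };
    for (int i = 0; i < 4; i++)
        for (int j = 0; j < 3; j++)
            printf("Protocol %-3s vs %-20s -> %d\n", cfg[i], srv[j], negotiate(cfg[i], srv[j]));
    return 0;
}
```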