Date: Mon, 30 Jan 2017 14:52:20 -0800 From: jungle Boogie <jungleboogie0@gmail.com> To: heasley <heas@shrubbery.net> Cc: =?UTF-8?Q?Dag=2DErling_Sm=C3=B8rgrav?= <des@des.no>, freebsd-security@freebsd.org Subject: Re: fbsd11 & sshv1 Message-ID: <CAKE2PDu7yjfDLZt4O%2BF9k6GnF%2BFLCvXXfY=NkcS01iyyrofhmg@mail.gmail.com> In-Reply-To: <20170130222443.GL73060@shrubbery.net> References: <20170127173016.GF12175@shrubbery.net> <867f5c66yr.fsf@desk.des.no> <20170130195226.GD73060@shrubbery.net> <CAKE2PDsBWB65zN3hX=2%2BOoiXrK1W=TsMa6Ck5pnKGn=Dg0k69g@mail.gmail.com> <20170130222443.GL73060@shrubbery.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 30 January 2017 at 14:24, heasley <heas@shrubbery.net> wrote: > Mon, Jan 30, 2017 at 01:56:03PM -0800, jungle Boogie: >> On 30 January 2017 at 11:52, heasley <heas@shrubbery.net> wrote: >> > Mon, Jan 30, 2017 at 01:57:32PM +0100, Dag-Erling Sm=C3=B8rgrav: >> >> heasley <heas@shrubbery.net> writes: >> >> > So, what is the BCP to support a v1 client for outbound connections= on fbsd >> >> > 11? Hopefully one that I do not need to maintain by building a spe= cial ssh >> >> > from ports. Is there a pkg that I'm missing? >> >> >> >> FreeBSD 10 supports SSHv1 and will continue to do so. FreeBSD 11 and= 12 >> >> do not, and neither does the openssh-portable port. I'm afraid you w= ill >> >> have to find some other SSH client. >> > >> > That is sad; I doubt that I am the only one who would need this - ther= e >> > are millions of Cisco, HP, and etc network devices that folks must con= tinue >> > to access but will never receive new firmware with sshv2. It takes a = long >> > time for some equipment to transition to the recycle bin - even after >> > vendor EOLs. >> >> Well you have about 7 months until it's deprecated from openssh. >> What's wrong with continuing to use openSSH 7.4 post sshv1 >> deprecation? > > whats wrong with providing a 7.4+v1 port for everyone to use? What will happen when 7.4 gets a vulnerability, then? I don't think you or I will be patching it (or anyone else) and therefore, the port/pkg will be knowingly vulnerable. Why do we want that? --=20 ------- inum: 883510009027723 sip: jungleboogie@sip2sip.info
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAKE2PDu7yjfDLZt4O%2BF9k6GnF%2BFLCvXXfY=NkcS01iyyrofhmg>