Date: Sat, 26 Oct 2002 14:07:26 -0700
From: David Schultz
To: Tim Kientzle
Cc: current@FreeBSD.ORG
Subject: Re: Request: remove ssh1 fallback
Message-ID: <20021026210726.GB5889@HAL9000.homeunix.com>
In-Reply-To: <3DB834C3.8010601@acm.org>

Thus spake Tim Kientzle:
> Thus spake Lucky Green:
> >>... remove ssh1 fallback from the default ...
>
> David Schultz wrote:
> >Removing SSH 1 ... is going to break compatibility ...
>
> POLA: before breaking compatibility, warn people.
> It's simple to modify the ssh client so that it
> emits a warning message before downgrading
>
>     "Warning: switching to less-secure SSH1 protocol"
>
> On the server side, you could certainly log
> a warning; there may be a way to notify the
> connecting user as well. The logged warning
> could even include a very brief reference to
> the setting required to disable SSH1 entirely.

I think you're missing the point. Warnings are fine, but there is
little good reason to disable SSH1 entirely. If one end of the
connection is forced to fall back to SSH1, it's almost certainly
because the user at the other end _doesn't_have_any_other_option_.
You're proposing to kick legitimate users off of everyone's FreeBSD
boxen because you know better than they do about security.

I know SSH1 is insecure, and therefore I don't use it. But I'm not
about to unleash a surprise on everyone who uses a machine without
SSH2 just so I can hammer the idea into their heads. Breaking POLA
isn't a sin, but you'd better have a better reason to do it than
``it lets people do things that are insecure.'' So do rsh, telnet,
hosts.equiv, vipw, et al.