From owner-freebsd-stable Tue Oct 30 15:12:48 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from mail.enic.cc (lobo.nic.cc [206.253.214.247]) by hub.freebsd.org (Postfix) with ESMTP id 6881237B401 for ; Tue, 30 Oct 2001 15:12:45 -0800 (PST)
Received: from smokey.lan.enic.cc (tailback.enic.cc [206.253.214.252]) by mail.enic.cc (Postfix) with ESMTP id 3AD566A901 for ; Tue, 30 Oct 2001 15:12:44 -0800 (PST)
Subject: suggestion about sshd_config default
From: Mark Foster
To: freebsd-stable@freebsd.org
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Evolution/0.16.99+cvs.2001.10.22.19.12 (Preview Release)
Date: 30 Oct 2001 15:12:43 -0800
Message-Id: <1004483564.15832.67.camel@smokey.lan.enic.cc>
Mime-Version: 1.0
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I'm requesting that the default openssh configuration be changed to say

    Protocol 2

instead of

    #Protocol 2,1

Protocol 1 is the subject of a number of recent security advisories, and its use should be discouraged. The behavior with the line commented as it is (by default) now seems to be to NOT use protocol 1 or 2 but 1.99.

[this is the output from 'ssh -v hostname' on the client]
debug1: Remote protocol version 1.99, remote software version OpenSSH_2.3.0 FreeBSD localisations 20010713

refs:
http://razor.bindview.com/publish/advisories/adv_ssh1crc.html
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01%3A24.ssh.asc

--
-mdf [Mark D. Foster]                      Phone: 206-381-0449
System Administrator - eNIC Corporation   Fax: 206-329-7107
or mergatroid on AIM
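An added example, not part of the original message or of the FreeBSD/OpenSSH sources: a small audit that reads an sshd_config for its effective `Protocol` setting and interprets the version reported by `ssh -v`. By SSH convention (later written down in RFC 4253, section 5.1), a server announcing version 1.99 speaks protocol 2 and still accepts protocol 1 clients. Assumptions: the function names are hypothetical, the sample configs are constructed, and the fallback used when no `Protocol` line is active is taken from the commented sample line quoted in the message.

```python
import re

# Assumption: with no active Protocol line, sshd uses the value shown in the
# commented sample line quoted in the message ("#Protocol 2,1").
ASSUMED_DEFAULT = "2,1"

# Constructed sample configs; only the Protocol lines come from the message.
STOCK = "Port 22\n#Protocol 2,1\nPermitRootLogin no\n"
HARDENED = "Port 22\nProtocol 2\nPermitRootLogin no\n"
# Debug line exactly as quoted in the message.
PAGE_DEBUG = ("debug1: Remote protocol version 1.99, remote software version "
              "OpenSSH_2.3.0 FreeBSD localisations 20010713")


def configured_protocols(config_text, default=ASSUMED_DEFAULT):
    """Protocol versions the config enables, in preference order."""
    value = default
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "protocol":
            value = parts[1]          # first active value wins
            break                     # "#Protocol" never matches: it is a comment
    return [int(v) for v in value.replace(" ", "").split(",") if v]


def advertised_protocols(debug_line):
    """Protocols implied by the version in an `ssh -v` debug line."""
    m = re.search(r"Remote protocol version (\d+)\.(\d+)", debug_line)
    if not m:
        raise ValueError("no remote protocol version in line")
    major, minor = int(m.group(1)), int(m.group(2))
    # 1.99 marks a protocol 2 server that still accepts protocol 1 clients.
    return [1, 2] if (major, minor) == (1, 99) else [major]


def audit(config_text, debug_line=None):
    """Return findings for a config and, optionally, an observed debug line."""
    findings = []
    if 1 in configured_protocols(config_text):
        findings.append("config: protocol 1 enabled; set 'Protocol 2'")
    if debug_line and 1 in advertised_protocols(debug_line):
        findings.append("server: version 1.99 or 1.x, protocol 1 still offered")
    return findings


if __name__ == "__main__":
    for name, cfg in (("stock", STOCK), ("hardened", HARDENED)):
        print(name, audit(cfg, PAGE_DEBUG if name == "stock" else None))
```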