From owner-freebsd-stable Tue Oct 30 16: 9:18 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from pr0n.kutulu.org (pr0n.kutulu.org [151.196.107.157]) by hub.freebsd.org (Postfix) with ESMTP id 93FA637B401 for ; Tue, 30 Oct 2001 16:09:08 -0800 (PST)
Received: from kutulu.kutulu.org ([64.212.128.3]) by pr0n.kutulu.org (8.11.6/8.11.6) with ESMTP id f9V08s951111; Tue, 30 Oct 2001 19:08:54 -0500 (EST) (envelope-from kutulu@kutulu.org)
Message-Id: <5.1.0.14.0.20011030184022.00a27180@127.0.0.1>
X-Sender: kutulu@127.0.0.1
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Tue, 30 Oct 2001 18:47:35 -0500
To: Mark Foster
From: Kutulu
Subject: Re: suggestion about sshd_config default
Cc: freebsd-stable@FreeBSD.ORG
In-Reply-To: <1004483564.15832.67.camel@smokey.lan.enic.cc>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

At 03:12 PM 10/30/2001 -0800, Mark Foster wrote:
>I'm requesting that the default openssh configuration be changed to say
>Protocol 2
>instead of
>#Protocol 2,1
>
>
>Protocol 1 is the subject of a number of recent security advisories, and
>its use should be discouraged. The behavior with the line commented as
>it is (by default) now seems to be to NOT use protocol 1 or 2 but 1.99.

ssh version "1.99" is the version number required by the ssh v2 specification when the server supports both versions. ssh v1 clients will see a major version of 1 and negotiate a connection, ssh v2 clients will know to look further along in the version identifier for the ssh2 version number.

While I agree that version 1 should probably not be used, turning it off by default would change the way existing systems work, and thus, isn't something that should be done in -STABLE.
It "violates POLA", which (as a BSD newbie) I'm still trying to come up with the actual meaning of. (I just this morning went and looked up what all those 'bikeshed' references meant :)

--K

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
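The "1.99" behaviour discussed in this message can be checked from a server's identification string. The following is an added example, not part of the original message and not OpenSSH code: it classifies banners by the protocol versions they advertise and maps an sshd_config `Protocol` value to the version the server announces. The function names, hostnames and `ExampleSSHD` software strings are constructed for illustration; the "1.5" value for a protocol-1-only server is the version OpenSSH announces in that case.

```python
import re

# Identification line: SSH-<protoversion>-<softwareversion>[ SP comments] CR LF
BANNER_RE = re.compile(r"^SSH-(\d+)\.(\d+)-(\S+)(?: (.*))?$")


def offered_protocols(banner):
    """Return the set of SSH protocol major versions a server banner advertises."""
    m = BANNER_RE.match(banner.rstrip("\r\n"))
    if not m:
        raise ValueError("not an SSH identification string: %r" % banner)
    major, minor = int(m.group(1)), int(m.group(2))
    if (major, minor) == (1, 99):
        return {1, 2}  # compatibility marker: server speaks both v1 and v2
    if major == 2:
        return {2}
    if major == 1:
        return {1}
    raise ValueError("unknown protocol version %d.%d" % (major, minor))


def announced_version(protocol_value):
    """Version an sshd announces for a given sshd_config 'Protocol' value."""
    enabled = {int(p) for p in protocol_value.replace(" ", "").split(",")}
    table = {frozenset({1, 2}): "1.99", frozenset({2}): "2.0", frozenset({1}): "1.5"}
    try:
        return table[frozenset(enabled)]
    except KeyError:
        raise ValueError("unsupported Protocol value: %r" % protocol_value)


def hosts_offering_v1(banners):
    """Given {host: banner}, list hosts whose banner still admits protocol 1."""
    return sorted(h for h, b in banners.items() if 1 in offered_protocols(b))


# Constructed sample banners (hostnames and software strings are made up).
SAMPLE = {
    "both.example": "SSH-1.99-ExampleSSHD_1.0\r\n",
    "v2only.example": "SSH-2.0-ExampleSSHD_1.0 hardened build\r\n",
    "legacy.example": "SSH-1.5-ExampleSSHD_0.9\n",
}

if __name__ == "__main__":
    for host, banner in sorted(SAMPLE.items()):
        print(host, sorted(offered_protocols(banner)))
    print("still offering protocol 1:", hosts_offering_v1(SAMPLE))
```
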