Date:      Tue, 30 Oct 2001 18:47:35 -0500
From:      Kutulu <kutulu@kutulu.org>
To:        Mark Foster <mdf@enic.cc>
Cc:        freebsd-stable@FreeBSD.ORG
Subject:   Re: suggestion about sshd_config default
Message-ID:  <5.1.0.14.0.20011030184022.00a27180@127.0.0.1>
In-Reply-To: <1004483564.15832.67.camel@smokey.lan.enic.cc>

At 03:12 PM 10/30/2001 -0800, Mark Foster wrote:
>I'm requesting that the default openssh configuration be changed to say
>Protocol 2
>instead of
>#Protocol 2,1
>
>
>Protocol 1 is the subject of a number of recent security advisories, and
>its use should be discouraged. The behavior with the line commented as
>it is (by default) now seems to be to NOT use protocol 1 or 2 but 1.99.

ssh version "1.99" is the version number required by the ssh v2 
specification when the server supports both versions.  ssh v1 clients will 
see a major version of 1 and negotiate a connection, ssh v2 clients will 
know to look further along in the version identifier for the ssh2 version 
number.

While I agree that version 1 should probably not be used, turning it off by 
default would change the way existing systems work, and thus, isn't 
something that should be done in -STABLE.  It "violates POLA", which (as a 
BSD newbie) I'm still trying to come up with the actual meaning of.  (I 
just this morning went and looked up what all those 'bikeshed' references 
meant :)

--K
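
An added example, not part of the original message: a Python check that reads a server's identification string as the reply describes, treating "1.99" as "both protocols offered", and lists the hosts that still accept protocol 1. The host names and greetings are constructed samples, and the function names are hypothetical.

```python
import re

# RFC 4253 form: "SSH-<protoversion>-<softwareversion>[ <comments>]"
IDENT = re.compile(r"^SSH-(\d+)\.(\d+)-(\S+)(?: .*)?$")

def find_ident(raw: bytes) -> str:
    """Return the identification line; a server may send other lines before it."""
    for line in raw.decode("ascii", "replace").splitlines():
        if line.startswith("SSH-"):
            return line
    raise ValueError("no SSH identification string found")

def offered_protocols(raw: bytes) -> set:
    """Map a server greeting to the set of protocol major versions it offers."""
    m = IDENT.match(find_ident(raw))
    if m is None:
        raise ValueError("malformed SSH identification string")
    major, minor = int(m.group(1)), int(m.group(2))
    if (major, minor) == (1, 99):
        return {1, 2}          # compatibility marker: server speaks both
    if major in (1, 2):
        return {major}
    raise ValueError("unknown protocol version %d.%d" % (major, minor))

def hosts_offering_v1(greetings: dict) -> list:
    """Hosts whose greeting still admits a protocol 1 connection."""
    return sorted(h for h, raw in greetings.items() if 1 in offered_protocols(raw))

# Constructed sample greetings (hypothetical hosts, not captured traffic).
SAMPLE = {
    "a.example": b"SSH-1.99-OpenSSH_2.9\n",
    "b.example": b"SSH-2.0-OpenSSH_2.9 FreeBSD\r\n",
    "c.example": b"SSH-1.5-OpenSSH_2.9\n",
    "d.example": b"Authorized use only\r\nSSH-2.0-OpenSSH_2.9\r\n",
}

if __name__ == "__main__":
    for host in hosts_offering_v1(SAMPLE):
        print(host, "offers SSH protocol 1")
```

A host reported here needs an explicit `Protocol 2` line in its sshd_config to stop accepting protocol 1 clients.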

