Date:      Wed, 31 Oct 2001 00:54:31 +0000
From:      Thomas Hurst <tom.hurst@clara.net>
To:        freebsd-stable@freebsd.org
Subject:   Re: suggestion about sshd_config default
Message-ID:  <20011031005431.A80719@sploo>
In-Reply-To: <1004483564.15832.67.camel@smokey.lan.enic.cc>; from mdf@enic.cc on Tue, Oct 30, 2001 at 03:12:43PM -0800
References:  <1004483564.15832.67.camel@smokey.lan.enic.cc>

* Mark Foster (mdf@enic.cc) wrote:

> I'm requesting that the default openssh configuration be changed to say
> Protocol 2
> instead of 
> #Protocol 2,1
> 
> 
> Protocol 1 is the subject of a number of recent security advisories, and
> its use should be discouraged. The behavior with the line commented as

ssh1 is still pretty secure, and support for it tends to be rather better
(several Windows clients, including the one I'm using to write this, do not
yet support ssh2, nor do any Amiga clients) than ssh2.

I don't see why this should be changed by default since it has the potential
to lock users out just to close some very difficult to exploit holes.

Perhaps it would be better, instead, to make this a sysinstall(8) option,
or even just have sysinstall mention it after installation so new users are
aware of the issue.
-- 
Thomas 'Freaky' Hurst  -  freaky@aagh.net  -  http://www.aagh.net/
