Date: Mon, 28 Oct 2002 12:04:43 -0800
From: Tim Kientzle <kientzle@acm.org>
To: David Schultz <dschultz@uclink.Berkeley.EDU>
Cc: current@FreeBSD.ORG
Subject: Re: Request: remove ssh1 fallback
Message-ID: <3DBD985B.7000904@acm.org>
References: <bulk.29405.20021024004250@hub.freebsd.org> <3DB834C3.8010601@acm.org> <20021026210726.GB5889@HAL9000.homeunix.com>

>>Thus spake Lucky Green <shamrock@cypherpunks.to>:
>>>>... remove ssh1 fallback from the default ...

>>David Schultz <dschultz@uclink.Berkeley.EDU> wrote:
>>>Removing SSH 1 ... is going to break compatibility ...

> Tim Kientzle <kientzle@acm.org>:
>>POLA: before breaking compatibility, warn people.
>> ... "Warning: switching to less-secure SSH1 protocol"

David Schultz wrote:
> I think you're missing the point. Warnings are fine, but there is
> little good reason to disable SSH1 entirely.

_I_ was actually arguing against disabling SSH1.
I'm on your side.

> If one end of the connection is forced to fall back
> to SSH1, it's almost certainly because the user at
> the other end _doesn't_have_any_other_option_.

I don't really agree with this point. SSH2 and OpenSSH
compile most everywhere now. I would argue that if one
end is forced to fall back, it's because the admins of
that system either don't know about SSH1's problems or
don't believe those problems merit upgrades.

> I know SSH1 is insecure, and therefore I don't use it.

Unfortunately, not everyone is so knowledgeable.
A brief warning would help spread the news and (hopefully)
help accelerate the transition to SSH2.

> ... you'd better have a better reason
> to do it than ``it lets people do things that are insecure.'' So
> do rsh, telnet, hosts.equiv, vipw, et al.

Yes, although telnet and rsh are both disabled in
default FreeBSD installations in 4.7 at least and probably earlier.
So far, I've not heard a lot of complaints. (But there
have been several years now of pounding the 'telnet is evil'
mantra into people's heads.)

Tim Kientzle