From: Heasley
Date: Mon, 30 Jan 2017 21:36:31 -0800
Subject: Re: fbsd11 & sshv1
To: jungle Boogie
Cc: Dag-Erling Smørgrav, freebsd-security@freebsd.org
Message-Id: <0A1A9F5A-0102-4FED-9B82-E081C29103AD@shrubbery.net>

On 30.01.2017 at 14:52, jungle Boogie wrote:
>
>> On 30 January 2017 at 14:24, heasley wrote:
>> Mon, Jan 30, 2017 at 01:56:03PM -0800, jungle Boogie:
>>>> On 30 January 2017 at 11:52, heasley wrote:
>>>> Mon, Jan 30, 2017 at 01:57:32PM +0100, Dag-Erling Smørgrav:
>>>>> heasley writes:
>>>>>> So, what is the BCP to support a v1 client for outbound connections on fbsd
>>>>>> 11? Hopefully one that I do not need to maintain by building a special ssh
>>>>>> from ports. Is there a pkg that I'm missing?
>>>>>
>>>>> FreeBSD 10 supports SSHv1 and will continue to do so. FreeBSD 11 and 12
>>>>> do not, and neither does the openssh-portable port. I'm afraid you will
>>>>> have to find some other SSH client.
>>>>
>>>> That is sad; I doubt that I am the only one who would need this - there
>>>> are millions of Cisco, HP, and etc network devices that folks must continue
>>>> to access but will never receive new firmware with sshv2. It takes a long
>>>> time for some equipment to transition to the recycle bin - even after
>>>> vendor EOLs.
>>>
>>> Well you have about 7 months until it's deprecated from openssh.
>>> What's wrong with continuing to use openSSH 7.4 post sshv1
>>> deprecation?
>>
>> what's wrong with providing a 7.4+v1 port for everyone to use?
>
> What will happen when 7.4 gets a vulnerability, then? I don't think
> you or I will be patching it (or anyone else) and therefore, the
> port/pkg will be knowingly vulnerable.
>
> Why do we want that?

So you are advocating telnet? Such a client is likely better still than telnet, which is the only alternative.

Without a pkg, folks are forced to maintain it themselves. Which is more likely to receive less attention between now and EoS for v1?

Don't make choices for or impose your rhetoric upon others, provide them the tools to make their choices.

>
> --
> -------
> inum: 883510009027723
> sip: jungleboogie@sip2sip.info