From owner-freebsd-hackers  Sun May 13 14:24:34 2001
Delivered-To: freebsd-hackers@freebsd.org
Received: from peter3.wemm.org (c1315225-a.plstn1.sfba.home.com [65.0.135.147])
	by hub.freebsd.org (Postfix) with ESMTP id 2DBEE37B42C
	for <hackers@FreeBSD.ORG>; Sun, 13 May 2001 14:24:30 -0700 (PDT)
	(envelope-from peter@wemm.org)
Received: from overcee.netplex.com.au (overcee.wemm.org [10.0.0.3])
	by peter3.wemm.org (8.11.0/8.11.0) with ESMTP id f4DLOUM44233
	for <hackers@FreeBSD.ORG>; Sun, 13 May 2001 14:24:30 -0700 (PDT)
	(envelope-from peter@wemm.org)
Received: from wemm.org (localhost [127.0.0.1])
	by overcee.netplex.com.au (Postfix) with ESMTP
	id EE3FD380C; Sun, 13 May 2001 14:24:29 -0700 (PDT)
	(envelope-from peter@wemm.org)
X-Mailer: exmh version 2.3.1 01/18/2001 with nmh-1.0.4
To: Mike Silbersack <silby@silby.com>
Cc: Terry Lambert <tlambert2@mindspring.com>,
	Erik Trulsson <ertr1013@student.uu.se>, hackers@FreeBSD.ORG
Subject: Re: SSH Must Die 
In-Reply-To: <Pine.BSF.4.31.0105131544060.52994-100000@achilles.silby.com> 
Date: Sun, 13 May 2001 14:24:29 -0700
From: Peter Wemm <peter@wemm.org>
Message-Id: <20010513212429.EE3FD380C@overcee.netplex.com.au>
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Mike Silbersack wrote:
> 
> On Sat, 12 May 2001, Terry Lambert wrote:
> 
> > Erik Trulsson wrote:
> > > Exactly how is rpping it out of FreeBSD supposed to make ssh work?
> >
> > I don't necessarily want it to work or not work, I just
> > want it to quit being a pain in my backside.
> >
> > If it can't be made to upgrade correctly, then ripping it
> > out also satisfies the criteria necessary to achieve the
> > intended goal.
> 
> Ok, backing this thread up briefly, two quick questions:
> 
> 1.  Is ssh working yet?

Yes, it is working perfectly.  The only problem is that it now works
slightly differently to what people have expected.  ie: it treats
sshv1 rsa keys as totally seperate to sshv2 rsa keys.

The simplest thing is to do a ssh-keygen to generate a new RSA key and
update ~/.ssh/authorized_keys2 once per remote machine that you connect
to.  Once that is done, it never bothers you again.  You can change
/etc/ssh/ssh_config so that it says 'Protocol 1,2', but that is avoiding
the problem rather than using the more robust, cryptographically secure
sshv2 wire protocol.

Cheers,
-Peter
--
Peter Wemm - peter@FreeBSD.org; peter@yahoo-inc.com; peter@netplex.com.au
"All of this is for nothing if we don't go to the stars" - JMS/B5


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message