To: Doug Barton
Cc: Jay Sachs, stan, FreeBSD Stable Mailing List, des@FreeBSD.org
Subject: Re: ssh to remote machines problem after cvsup
In-reply-to: Your message of "Tue, 09 Jul 2002 10:09:29 PDT." <3D2B18C9.B266193A@FreeBSD.org>
Date: Tue, 09 Jul 2002 10:21:54 -0700
From: "Kevin Oberman"
Message-Id: <20020709172154.58E175D03@ptavv.es.net>

> Date: Tue, 09 Jul 2002 10:09:29 -0700
> From: Doug Barton
> Sender: owner-freebsd-stable@FreeBSD.ORG
>
> Jay Sachs wrote:
>
> > There are those of us who consider the protocol switch a good change,
>
> So you are free to do that on your systems. The problem is, whether you
> think it's a good idea or not, it's already catching people by surprise,
> and locking them out of their systems. The change should be reverted.

Doug,

This was discussed on stable (admittedly a bit late in the game) and every comment I saw favored making the change in Stable. An entry was made in UPDATING to warn people of the change.

From a security standpoint alone the change is justified as protocol V1.5 has long required kludges to work around its problems while V2 was much more carefully crafted from the ground up and has no known problems. I am only talking about the protocol and no particular implementation.

People should really be using V2 protocols in all cases except where remote systems still don't support it. (And, do you REALLY want to connect to those systems?)

I will admit that I had pretty much converted everything of mine to use V2 long before this came up, so this really didn't have an impact on me.

R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman@es.net
Phone: +1 510 486-8634