From owner-freebsd-security@freebsd.org Tue Jan 31 20:17:29 2017 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id AF742CCA1B8 for ; Tue, 31 Jan 2017 20:17:29 +0000 (UTC) (envelope-from heas@shrubbery.net) Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by mx1.freebsd.org (Postfix) with ESMTP id 9B4A31C1 for ; Tue, 31 Jan 2017 20:17:29 +0000 (UTC) (envelope-from heas@shrubbery.net) Received: by guelah.shrubbery.net (Postfix, from userid 7053) id 01CAB457DD; Tue, 31 Jan 2017 20:17:23 +0000 (UTC) Date: Tue, 31 Jan 2017 20:17:22 +0000 From: heasley To: Dag-Erling =?iso-8859-1?Q?Sm=F8rgrav?= Cc: heasley , freebsd-security@freebsd.org Subject: Re: fbsd11 & sshv1 Message-ID: <20170131201722.GH11924@shrubbery.net> References: <20170127173016.GF12175@shrubbery.net> <867f5c66yr.fsf@desk.des.no> <20170130195226.GD73060@shrubbery.net> <867f5bfmde.fsf@desk.des.no> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <867f5bfmde.fsf@desk.des.no> X-PGPkey: http://www.shrubbery.net/~heas/public-key.asc X-note: live free, or die! X-homer: i just want to have a beer while i am caring. X-Claimation: an engineer needs a manager like a fish needs a bicycle X-reality: only YOU can put an end to the embarrassment that is Tom Cruise User-Agent: Mutt/1.7.2 (2016-11-26) X-Mailman-Approved-At: Tue, 31 Jan 2017 21:21:39 +0000 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Jan 2017 20:17:29 -0000 Tue, Jan 31, 2017 at 01:24:29PM +0100, Dag-Erling Smørgrav: > heasley writes: > > Dag-Erling Smørgrav writes: > > > FreeBSD 10 supports SSHv1 and will continue to do so. FreeBSD 11 > > > and 12 do not, and neither does the openssh-portable port. I'm > > > afraid you will have to find some other SSH client. > > That is sad; > > You know what would be even sadder? If the OpenSSH developers had to > continue to devote significant resources to maintaining a rat's nest of > legacy code so 0.0001% of their users could continue to use an obsolete > protocol to connect to obsolete equipment, instead of devoting those > same resources to developing new features and improving existing ones. > Especially when those users have plenty of alternatives to choose from, > including but not limited to security/putty. I was not suggesting that openssl maintain their apparently messy code; they're maintaining it already, for whatever the remaining period is. i'm suggesting a port with a v1 client; that is built with all the other binary ports for abi changes and whatever else is reasonable. yes, i can build my own, but i feel it should be a port. I appreciate the putty suggestion, but it appears to be graphical only. Happy to have it pointed-out that I've missed a port having v1. i also understand the devote position of buy new equipment to advance security; its simply not going to happen anytime soon. and i'm not alone. i'm not rich, i don't crontrol depreciation schedules, etc etc.