From owner-freebsd-security  Fri Jul  5 10:41:38 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id CC61237B400; Fri,  5 Jul 2002 10:41:34 -0700 (PDT)
Received: from mail.rz.uni-ulm.de (gemini.rz.uni-ulm.de [134.60.246.16])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id BE44843E09; Fri,  5 Jul 2002 10:41:33 -0700 (PDT)
	(envelope-from siegbert.baude@gmx.de)
Received: from gmx.de (lilith.wh-wurm.uni-ulm.de [134.60.106.64])
	by mail.rz.uni-ulm.de (8.12.4/8.12.4) with ESMTP id g65HfVOa024006
	(version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NOT);
	Fri, 5 Jul 2002 19:41:31 +0200 (MEST)
Message-ID: <3D25DA4B.7060703@gmx.de>
Date: Fri, 05 Jul 2002 19:41:31 +0200
From: Siegbert Baude <siegbert.baude@gmx.de>
User-Agent: Mozilla/5.0 (X11; U; Linux i386; de-AT; rv:1.0.0) Gecko/20020529
X-Accept-Language: de, en
MIME-Version: 1.0
To: Dag-Erling Smorgrav <des@ofug.org>
Cc: Mike Tancsa <mike@sentex.net>, Ruslan Ermilov <ru@freebsd.org>,
	security@freebsd.org
Subject: Re: Default ssh protocol in -STABLE [was: HEADS UP: FreeBSD-STABLE
 now has OpenSSH 3.4p1]
References: <20020705073634.GA64656@sunbay.com>	<20020705073634.GA64656@sunbay.com>	<5.1.0.14.0.20020705073043.01c52198@192.168.0.12> <xzphejepfd7.fsf_-_@flood.ping.uio.no>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org



Dag-Erling Smorgrav schrieb:
> [moving from -stable to -security, bcc: to -stable and security-team]
> 
> Mike Tancsa <mike@sentex.net> writes:
> 
>>As a lot has changed with OpenSSH in FreeBSD, perhaps now is a good
>>time to make the 2,1 the default instead ?
> 
> 
> I'd like that.  I think the only reason for the old default was not to
> surprise users who had the ssh1 RSA host key in their known_hosts but
> not the ssh2 DSA host key.
> 
> What do people think about this?  Keep 2,1 or revert to 1,2?


My opinion is: Go for the change, there will pass a long time until this 
opportunity will come again.

But then, I only have to support 100 clients. The people with really big 
crowds to support may think different.

Ciao
Siegbert


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message