From owner-freebsd-security  Fri Jul  5 12:30:25 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8C38E37B400
	for <freebsd-security@freebsd.org>; Fri,  5 Jul 2002 12:30:21 -0700 (PDT)
Received: from bran.mc.mpls.visi.com (bran.mc.mpls.visi.com [208.42.156.103])
	by mx1.FreeBSD.org (Postfix) with ESMTP id DA28643E42
	for <freebsd-security@freebsd.org>; Fri,  5 Jul 2002 12:30:20 -0700 (PDT)
	(envelope-from hawkeyd@visi.com)
Received: from sheol.localdomain (hawkeyd-fw.dsl.visi.com [208.42.101.193])
	by bran.mc.mpls.visi.com (Postfix) with ESMTP
	id BCF355022; Fri,  5 Jul 2002 14:30:19 -0500 (CDT)
Received: (from hawkeyd@localhost)
	by sheol.localdomain (8.11.6/8.11.6) id g65JUH220467;
	Fri, 5 Jul 2002 14:30:17 -0500 (CDT)
	(envelope-from hawkeyd)
Date: Fri, 5 Jul 2002 14:30:17 -0500 (CDT)
Message-Id: <200207051930.g65JUH220467@sheol.localdomain>
Mime-Version: 1.0
X-Newsreader: knews 1.0b.1
Reply-To: hawkeyd@visi.com
Organization: if (!FIFO) if (!LIFO) break;
References: <5.1.0.14.0.20020705073043.01c52198_192.168.0.12@ns.sol.net>
    <xzphejepfd7.fsf_-__flood.ping.uio.no@ns.sol.net>
In-Reply-To: <xzphejepfd7.fsf_-__flood.ping.uio.no@ns.sol.net>
From: hawkeyd@visi.com (D J Hawkey Jr)
Subject: Re: Default ssh protocol in -STABLE [was: HEADS UP: FreeBSD-STABLE now has OpenSSH 3.4p1]
X-Original-Newsgroups: sol.lists.freebsd.security
To: des@ofug.org, freebsd-security@freebsd.org
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

In article <xzphejepfd7.fsf_-__flood.ping.uio.no@ns.sol.net>,
	des@ofug.org writes:
> [moving from -stable to -security, bcc: to -stable and security-team]
> 
> Mike Tancsa <mike@sentex.net> writes:
>> As a lot has changed with OpenSSH in FreeBSD, perhaps now is a good
>> time to make the 2,1 the default instead ?
> 
> I'd like that.  I think the only reason for the old default was not to
> surprise users who had the ssh1 RSA host key in their known_hosts but
> not the ssh2 DSA host key.
> 
> What do people think about this?  Keep 2,1 or revert to 1,2?

The former. And note it in UPDATING.

FWIW, I've been setting machines I'm responsible for to 2 only
for some time now.

> DES

Dave

-- 

Windows: "Where do you want to go today?"
Linux: "Where do you want to go tomorrow?"
FreeBSD: "Are you guys coming, or what?"


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message