Date: Sat, 6 Jul 2002 12:52:23 -0500 (CDT) From: hawkeyd@visi.com (D J Hawkey Jr) To: jason-fbsd-security@shalott.net, freebsd-security@freebsd.org Subject: Re: Default ssh protocol in -STABLE [was: HEADS UP: FreeBSD-STABLE Message-ID: <200207061752.g66HqNX00351@sheol.localdomain> In-Reply-To: <20020706035731.N2631-100000_walter@ns.sol.net> References: <xzphejepfd7.fsf_-__flood.ping.uio.no@ns.sol.net> <20020706035731.N2631-100000_walter@ns.sol.net>
next in thread | previous in thread | raw e-mail | index | archive | help
In article <20020706035731.N2631-100000_walter@ns.sol.net>, jason-fbsd-security@shalott.net writes: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > >> > As a lot has changed with OpenSSH in FreeBSD, perhaps now is a good >> > time to make the 2,1 the default instead ? >> >> I'd like that. I think the only reason for the old default was not to >> surprise users who had the ssh1 RSA host key in their known_hosts but >> not the ssh2 DSA host key. >> >> What do people think about this? Keep 2,1 or revert to 1,2? > > There is a whole lot of infrastructure surrounding ssh v1 keys out there, > and it will all break if you change the default to v2. "2,1" means "v2" with fallback to "v1". This shouldn't break anything, unless something's already broken in a system's v2 configuration. > -Jason Dave -- Windows: "Where do you want to go today?" Linux: "Where do you want to go tomorrow?" FreeBSD: "Are you guys coming, or what?" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200207061752.g66HqNX00351>