From: hawkeyd@visi.com (D J Hawkey Jr)
Date: Sat, 6 Jul 2002 12:52:23 -0500 (CDT)
To: jason-fbsd-security@shalott.net, freebsd-security@freebsd.org
Subject: Re: Default ssh protocol in -STABLE [was: HEADS UP: FreeBSD-STABLE
Message-Id: <200207061752.g66HqNX00351@sheol.localdomain>
In-Reply-To: <20020706035731.N2631-100000_walter@ns.sol.net>

In article <20020706035731.N2631-100000_walter@ns.sol.net>,
jason-fbsd-security@shalott.net writes:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
>> > As a lot has changed with OpenSSH in FreeBSD, perhaps now is a good
>> > time to make the 2,1 the default instead ?
>>
>> I'd like that. I think the only reason for the old default was not to
>> surprise users who had the ssh1 RSA host key in their known_hosts but
>> not the ssh2 DSA host key.
>>
>> What do people think about this? Keep 2,1 or revert to 1,2?
>
> There is a whole lot of infrastructure surrounding ssh v1 keys out there,
> and it will all break if you change the default to v2.

"2,1" means "v2" with fallback to "v1". This shouldn't break anything,
unless something's already broken in a system's v2 configuration.

> -Jason

Dave

--
Windows: "Where do you want to go today?"
Linux: "Where do you want to go tomorrow?"
FreeBSD: "Are you guys coming, or what?"