Date: 07 Jul 2002 01:34:50 +0200 From: Christian Laursen <dev-null@borderworlds.dk> To: freebsd-security@freebsd.org Subject: Re: Default ssh protocol in -STABLE [was: HEADS UP: FreeBSD-STABLE Message-ID: <m3sn2wv3ad.fsf@borg.borderworlds.dk> In-Reply-To: <20020706232807.GA76607@laptop.lambertfam.org> References: <xzphejepfd7.fsf_-__flood.ping.uio.no@ns.sol.net> <20020706035731.N2631-100000_walter@ns.sol.net> <200207061752.g66HqNX00351@sheol.localdomain> <20020706232807.GA76607@laptop.lambertfam.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Scott Lambert <lambert@lambertfam.org> writes:
> On Sat, Jul 06, 2002 at 12:52:23PM -0500, D J Hawkey Jr wrote:
> > In article <20020706035731.N2631-100000_walter@ns.sol.net>,
> > >> What do people think about this? Keep 2,1 or revert to 1,2?
> > >
> > > There is a whole lot of infrastructure surrounding ssh v1 keys out there,
> > > and it will all break if you change the default to v2.
> >
> > "2,1" means "v2" with fallback to "v1". This shouldn't break anything,
> > unless something's already broken in a system's v2 configuration.
>
> Unless you only have an v1 authorized key. Then you have to go through
> and either change all your ssh invocations in your scripts to use the "-1"
> parameter or create v2 keys.
Or you can just specify "Protocol 1,2" in /etc/ssh/ssh_config.
--
Best regards
Christian Laursen
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?m3sn2wv3ad.fsf>