From owner-freebsd-security  Sat Jul  6 16:34:56 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 57A1337B400
	for <freebsd-security@freebsd.org>; Sat,  6 Jul 2002 16:34:54 -0700 (PDT)
Received: from klingon.borderworlds.dk (borderworlds.dk [193.162.142.101])
	by mx1.FreeBSD.org (Postfix) with ESMTP id A766943E4A
	for <freebsd-security@freebsd.org>; Sat,  6 Jul 2002 16:34:53 -0700 (PDT)
	(envelope-from dev-null@borderworlds.dk)
Received: from borg.borderworlds.dk (localhost [127.0.0.1])
	by klingon.borderworlds.dk (Postfix on SuSE Linux 7.2 (i386)) with ESMTP id DA464288C8
	for <freebsd-security@freebsd.org>; Sun,  7 Jul 2002 01:34:51 +0200 (CEST)
Received: by borg.borderworlds.dk (Postfix, from userid 500)
	id 2B3263B8037; Sun,  7 Jul 2002 01:34:51 +0200 (CEST)
To: freebsd-security@freebsd.org
Subject: Re: Default ssh protocol in -STABLE [was: HEADS UP: FreeBSD-STABLE
References: <xzphejepfd7.fsf_-__flood.ping.uio.no@ns.sol.net>
	<20020706035731.N2631-100000_walter@ns.sol.net>
	<200207061752.g66HqNX00351@sheol.localdomain>
	<20020706232807.GA76607@laptop.lambertfam.org>
From: Christian Laursen <dev-null@borderworlds.dk>
Reply-To: freebsd-security@freebsd.org
Date: 07 Jul 2002 01:34:50 +0200
In-Reply-To: <20020706232807.GA76607@laptop.lambertfam.org>
Message-ID: <m3sn2wv3ad.fsf@borg.borderworlds.dk>
Lines: 21
User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.1
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Scott Lambert <lambert@lambertfam.org> writes:

> On Sat, Jul 06, 2002 at 12:52:23PM -0500, D J Hawkey Jr wrote:
> > In article <20020706035731.N2631-100000_walter@ns.sol.net>,
> > >> What do people think about this?  Keep 2,1 or revert to 1,2?
> > > 
> > > There is a whole lot of infrastructure surrounding ssh v1 keys out there,
> > > and it will all break if you change the default to v2.
> > 
> > "2,1" means "v2" with fallback to "v1". This shouldn't break anything,
> > unless something's already broken in a system's v2 configuration.
> 
> Unless you only have an v1 authorized key.  Then you have to go through
> and either change all your ssh invocations in your scripts to use the "-1"
> parameter or create v2 keys.

Or you can just specify "Protocol 1,2" in /etc/ssh/ssh_config.

-- 
Best regards
    Christian Laursen

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message