Date: Thu, 2 Feb 2017 15:13:50 +1100 From: Peter Jeremy <peter@rulingia.com> To: heasley <heas@shrubbery.net> Cc: freebsd-security@freebsd.org Subject: Re: fbsd11 & sshv1 Message-ID: <20170202041350.GA17877@server.rulingia.com> In-Reply-To: <20170130195226.GD73060@shrubbery.net> References: <20170127173016.GF12175@shrubbery.net> <867f5c66yr.fsf@desk.des.no> <20170130195226.GD73060@shrubbery.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--YiEDa0DAkWCtVeE4 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2017-Jan-30 19:52:26 +0000, heasley <heas@shrubbery.net> wrote: >Mon, Jan 30, 2017 at 01:57:32PM +0100, Dag-Erling Sm=C3=B8rgrav: >> heasley <heas@shrubbery.net> writes: >> > So, what is the BCP to support a v1 client for outbound connections on= fbsd >> > 11? Hopefully one that I do not need to maintain by building a specia= l ssh >> > from ports. Is there a pkg that I'm missing? >>=20 >> FreeBSD 10 supports SSHv1 and will continue to do so. FreeBSD 11 and 12 >> do not, and neither does the openssh-portable port. I'm afraid you will >> have to find some other SSH client. > >That is sad; I doubt that I am the only one who would need this - there >are millions of Cisco, HP, and etc network devices that folks must continue >to access but will never receive new firmware with sshv2. It takes a long >time for some equipment to transition to the recycle bin - even after >vendor EOLs. I firmly support the removal of SSHv1 from FreeBSD base. OTOH, I realise that there may be reasons why old equipment is retained far longer than desirable and agree that SSHv1 has some benefits over TELNET. My suggestion is that someone=E2=84=A2 who has a pressing need for a SSHv1 = client creates a net/ssh1 port (ie not in the "security" category) that installs a client (only) that supports SSHv1 only, and comes with a big red flashing "DANGER: INSECURE, DO NOT USE UNLESS YOU KNOW WHAT YOU ARE DOING" warning. --=20 Peter Jeremy --YiEDa0DAkWCtVeE4 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQJ8BAEBCgBmBQJYkrH+XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFRUIyOTg2QzMwNjcxRTc0RTY1QzIyN0Ux NkE1OTdBMEU0QTIwQjM0AAoJEBall6Dkogs0wTEP/1z9CAyOtstYzjxVenu0fJE8 ilxAarYXI8B9RIMBNTvOFkgujxeMrHViAgBf3NkCnLGWD5/aYUK2hmlz9QjSYhuK eVf/8CKYRziXm95QxxlNu0fG4u0ZF7ZuQO7aTdAYWnP7dztF1m6RrBjVnbKsO26g fx4BLNlxGX8XfIjAghSF6j3WC5b3UusNYZkIuvRTUVa+4FhGGvixtqYqvFSFxmIA HT4aIqq2gjI0U3aqMo/j+91I8qKWrkCM+uiH/QSdxbnkiXyWTEOxuup+kc8nfzeA C9PHUpaq3r/1WUXQjgy6BEoLrBG2hYS++aDwK+55q6l8xf1k5CiauhbAwrGh+D5J G484ABgKaxrhdfM98b05WD3KMoe/7cVc48AcebQ6eU9lpsqJmXUPkANTPB8gdHQ/ Ygyg9Gj3kjdrC6c8cjdII3gZ62XxrDGRnrZtVN13PXLDbPOnXYPCcg+XXRHtEkG3 xpyf2GS+HVckE1Y8qj+ATdhGYBWcUIdSwbCCvo/E7R0xhtSw3dOgiCwFjt43CUqf ySEhOp5afBcLrTsf3pptgH9U9GFsm+HU32BClEUXDvfsQhBIhVUSEApsTCWsd76n +DsuL/VIpTXKNWNpnvhE8qDBhxy41ZIKWCMDM7pOYslVQsYAyQ2aVjsr12HJoEeF ZHMZylzAfHmsL/VRNLbp =ilCx -----END PGP SIGNATURE----- --YiEDa0DAkWCtVeE4--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20170202041350.GA17877>