Date: Tue, 6 Jul 2021 18:20:16 GMT From: Ed Maste <emaste@FreeBSD.org> To: doc-committers@FreeBSD.org, dev-commits-doc-all@FreeBSD.org Subject: git: b45dd6398a - main - handbook: OpenSSH no longer supports protocol v1 Message-ID: <202107061820.166IKGnh086169@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by emaste (src committer): URL: https://cgit.FreeBSD.org/doc/commit/?id=b45dd6398ac616ef6a0b4061277a90b2b0ff1240 commit b45dd6398ac616ef6a0b4061277a90b2b0ff1240 Author: Ed Maste <emaste@FreeBSD.org> AuthorDate: 2021-07-06 17:23:51 +0000 Commit: Ed Maste <emaste@FreeBSD.org> CommitDate: 2021-07-06 18:19:47 +0000 handbook: OpenSSH no longer supports protocol v1 Base system commit 4f52dfbb8d6c (May 2018) introduced OpenSSH 7.6p1, which dropped support for the SSH v1 protocol. The v2 protocol has existed for a very long time and is ubiquitous so there is no need to mention protocol compatibility at all here. Reviewed by: ygy Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D31079 --- documentation/content/en/books/handbook/security/_index.adoc | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/documentation/content/en/books/handbook/security/_index.adoc b/documentation/content/en/books/handbook/security/_index.adoc index 1d9d764b47..4d60f4012b 100644 --- a/documentation/content/en/books/handbook/security/_index.adoc +++ b/documentation/content/en/books/handbook/security/_index.adoc @@ -1576,7 +1576,6 @@ Additionally, TCP/IP connections can be tunneled or forwarded securely through S OpenSSH encrypts all traffic to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks. OpenSSH is maintained by the OpenBSD project and is installed by default in FreeBSD. -It is compatible with both SSH version 1 and 2 protocols. When data is sent over the network in an unencrypted form, network sniffers anywhere in between the client and server can steal user/password information or data transferred during the session. OpenSSH offers a variety of authentication and encryption methods to prevent this from happening. @@ -1606,10 +1605,8 @@ When the user accepts the key's fingerprint by typing `yes` when connecting for Future attempts to login are verified against the saved key and `ssh` will display an alert if the server's key does not match the saved key. If this occurs, the user should first verify why the key has changed before continuing with the connection. -By default, recent versions of OpenSSH only accept SSHv2 connections. -By default, the client will use version 2 if possible and will fall back to version 1 if the server does not support version 2. -To force `ssh` to only use the specified protocol, include `-1` or `-2`. -Additional options are described in man:ssh[1]. +Recent versions of OpenSSH only accept SSHv2 connections. +SSH protocol version 1 is obsolete. Use man:scp[1] to securely copy a file to or from a remote machine. This example copies [.filename]#COPYRIGHT# on the remote system to a file of the same name in the current directory of the local system:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202107061820.166IKGnh086169>