From owner-dev-commits-doc-all@freebsd.org Tue Jul 6 18:20:16 2021 Return-Path: Delivered-To: dev-commits-doc-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id EBD976652C9 for ; Tue, 6 Jul 2021 18:20:16 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4GK9p86QcLz4c49; Tue, 6 Jul 2021 18:20:16 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id BAFAF1E1D6; Tue, 6 Jul 2021 18:20:16 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 166IKGWF086173; Tue, 6 Jul 2021 18:20:16 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 166IKGnh086169; Tue, 6 Jul 2021 18:20:16 GMT (envelope-from git) Date: Tue, 6 Jul 2021 18:20:16 GMT Message-Id: <202107061820.166IKGnh086169@gitrepo.freebsd.org> To: doc-committers@FreeBSD.org, dev-commits-doc-all@FreeBSD.org From: Ed Maste Subject: git: b45dd6398a - main - handbook: OpenSSH no longer supports protocol v1 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: doc X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: b45dd6398ac616ef6a0b4061277a90b2b0ff1240 Auto-Submitted: auto-generated X-BeenThere: dev-commits-doc-all@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Commit messages for all branches of the doc repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Jul 2021 18:20:17 -0000 The branch main has been updated by emaste (src committer): URL: https://cgit.FreeBSD.org/doc/commit/?id=b45dd6398ac616ef6a0b4061277a90b2b0ff1240 commit b45dd6398ac616ef6a0b4061277a90b2b0ff1240 Author: Ed Maste AuthorDate: 2021-07-06 17:23:51 +0000 Commit: Ed Maste CommitDate: 2021-07-06 18:19:47 +0000 handbook: OpenSSH no longer supports protocol v1 Base system commit 4f52dfbb8d6c (May 2018) introduced OpenSSH 7.6p1, which dropped support for the SSH v1 protocol. The v2 protocol has existed for a very long time and is ubiquitous so there is no need to mention protocol compatibility at all here. Reviewed by: ygy Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D31079 --- documentation/content/en/books/handbook/security/_index.adoc | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/documentation/content/en/books/handbook/security/_index.adoc b/documentation/content/en/books/handbook/security/_index.adoc index 1d9d764b47..4d60f4012b 100644 --- a/documentation/content/en/books/handbook/security/_index.adoc +++ b/documentation/content/en/books/handbook/security/_index.adoc @@ -1576,7 +1576,6 @@ Additionally, TCP/IP connections can be tunneled or forwarded securely through S OpenSSH encrypts all traffic to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks. OpenSSH is maintained by the OpenBSD project and is installed by default in FreeBSD. -It is compatible with both SSH version 1 and 2 protocols. When data is sent over the network in an unencrypted form, network sniffers anywhere in between the client and server can steal user/password information or data transferred during the session. OpenSSH offers a variety of authentication and encryption methods to prevent this from happening. @@ -1606,10 +1605,8 @@ When the user accepts the key's fingerprint by typing `yes` when connecting for Future attempts to login are verified against the saved key and `ssh` will display an alert if the server's key does not match the saved key. If this occurs, the user should first verify why the key has changed before continuing with the connection. -By default, recent versions of OpenSSH only accept SSHv2 connections. -By default, the client will use version 2 if possible and will fall back to version 1 if the server does not support version 2. -To force `ssh` to only use the specified protocol, include `-1` or `-2`. -Additional options are described in man:ssh[1]. +Recent versions of OpenSSH only accept SSHv2 connections. +SSH protocol version 1 is obsolete. Use man:scp[1] to securely copy a file to or from a remote machine. This example copies [.filename]#COPYRIGHT# on the remote system to a file of the same name in the current directory of the local system: