From owner-freebsd-security Wed Mar 27 7:53:30 2002
Delivered-To: freebsd-security@freebsd.org
Received: from pittgoth.com (14.zlnp1.xdsl.nauticom.net [209.195.149.111]) by hub.freebsd.org (Postfix) with ESMTP id 3698637B416 for ; Wed, 27 Mar 2002 07:53:22 -0800 (PST)
Received: from localhost (lcl234.zbzoom.net [208.236.36.234]) by pittgoth.com (8.11.6/8.11.6) with SMTP id g2RFtfq52237; Wed, 27 Mar 2002 10:55:41 -0500 (EST) (envelope-from darklogik@pittgoth.com)
Date: Wed, 27 Mar 2002 11:01:00 -0500
From: Tom Rhodes
To: Michael Lucas
Cc: dan@tangledhelix.com, freebsd-security@FreeBSD.ORG
Subject: Re: It's time for those 2048-, 3072-, and 4096-bit keys?
Message-Id: <20020327110100.6d638389.darklogik@pittgoth.com>
In-Reply-To: <20020327074236.B86929@blackhelicopters.org>
References: <20020326185714.F22539@mail.webmonster.de> <20020326182003.F15545-100000@patrocles.silby.com> <20020326181634.A919@lothlorien.tangledhelix.net> <20020327074236.B86929@blackhelicopters.org>
X-Mailer: Sylpheed version 0.7.4 (GTK+ 1.2.10; i386-portbld-freebsd4.5)
Mime-Version: 1.0
Content-Type: multipart/signed; protocol="application/pgp-signature"; boundary="=.:kAuWAFj2)lPva"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

On Wed, 27 Mar 2002 07:42:36 -0500 Michael Lucas wrote:

> On Tue, Mar 26, 2002 at 06:16:34PM -0500, Dan Lowe wrote:
> > Previously, Mike Silbersack wrote:
> > >
> > > Yes, upgrading clients to v2 would be best. However, I don't
> > > think that locking out v1 users would be the best way to achieve
> > > that. The most likely result of doing so would be people
> > > falling back to telnet.
> >
> > On a system where security is of any concern whatsoever, why would
> > telnet be available in the first place?
>
> I just dealt with a group of "senior" admins here in Detroit who
> weren't familiar with the problems of telnetting to their Ciscos.
> Ethereal was quite the shock to them. :-)
>
> It's taken us years to basically scrub telnet off the map, and it's
> still not gone. SSHv1 is far better than telnet, and there are any
> number of v1 clients still out there. Please don't make it any
> harder than it absolutely has to be.
>
> Perhaps a comment in the file, "we recommend using v2 whenever
> possible", so people stumble across it frequently even if they don't
> bother reading the docs?

How about a nice addition to the ssh manual pages, just because I do not
think they describe things well enough? For instance, when I first started
using scp(1), I fought like hell before I figured it out. I do not feel
the manual page had a clear description of how to use scp(1). It did,
however, cover the options well...

I think that it should describe how to use protocol 2; I also think it
should point you to a reference of the use options.

Opinions?

> ==ml
>
> --
> Michael Lucas mwlucas@FreeBSD.org, mwlucas@BlackHelicopters.org
> my FreeBSD column: http://www.oreillynet.com/pub/q/Big_Scary_Daemons
> http://www.blackhelicopters.org/~mwlucas/
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

--
Tom (Darklogik) Rhodes
www.FreeBSD.org -The Power To Serve
www.Pittgoth.com -Pittgoth Discussion Portal
trhodes@ {Pittgoth.com, FreeBSD.org}

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)

iD8DBQE8oezAwPmgiRuevUMRAhLZAKCL7MrD6ClvW+dX4qASoLCLEIHY3gCg6p62
KJvApIOtEXYMH/ETFFOyn9M=
=A+qb
-----END PGP SIGNATURE-----

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
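The thread turns on two practical questions: which servers on the network still offer SSH protocol 1, and what the `Protocol` line in sshd_config actually permits. The script below is an added example written for this archive page, not code from the list, from the posters, or from the OpenSSH project. It classifies a server from its version banner (the `SSH-protoversion-softwareversion` string from RFC 4253 section 5.1; a server offering both v1 and v2 advertises `1.99`) and reports the effective `Protocol` directive of an sshd_config, including the comment hint proposed in the quoted message. The banners and config files are constructed for the example, and the fallback default of `2,1` when the directive is absent is an assumption matching the OpenSSH 3.x sshd_config(5) of the period; later OpenSSH removed protocol 1 entirely, so on a modern system only the banner check is still meaningful.

```shell
#!/bin/sh
# Added example for this thread, not code from the list or the OpenSSH project.
# Two checks an admin can run while deciding whether to lock out SSHv1:
#  1. classify a server from its version banner (RFC 4253 5.1 format
#     "SSH-protoversion-softwareversion"; "1.99" means v1 and v2 are both offered)
#  2. find the effective Protocol setting in an sshd_config.
# Sample banners and config files below are constructed for the example.

# ssh_proto_class BANNER -> prints v1-only | v1+v2 | v2-only | unknown
ssh_proto_class() {
    case "$1" in
        SSH-1.99-*)                       echo "v1+v2" ;;    # both protocols offered
        SSH-2.0-*)                        echo "v2-only" ;;
        SSH-1.[0-9]-*|SSH-1.[0-9][0-9]-*) echo "v1-only" ;;  # e.g. SSH-1.5-OpenSSH_3.1
        *)                                echo "unknown" ;;
    esac
}

# sshd_protocol_setting FILE -> prints the Protocol value sshd would use.
# sshd honours the first occurrence of a keyword; comments are stripped first.
# If the directive is absent, fall back to "2,1" (assumption: the OpenSSH 3.x
# default current when this thread was written).
sshd_protocol_setting() {
    val=$(sed 's/#.*//' "$1" | awk 'tolower($1) == "protocol" { print $2; exit }')
    if [ -n "$val" ]; then echo "$val"; else echo "2,1"; fi
}

# sshd_allows_v1 FILE -> exit status 0 if protocol 1 is still enabled
sshd_allows_v1() {
    case ",$(sshd_protocol_setting "$1")," in
        *,1,*) return 0 ;;
        *)     return 1 ;;
    esac
}

# --- constructed sample configs (not real hosts) ---
SAMPLE_DIR=$(mktemp -d)
PERMISSIVE_CFG="$SAMPLE_DIR/sshd_config.permissive"
HARDENED_CFG="$SAMPLE_DIR/sshd_config.hardened"
DEFAULT_CFG="$SAMPLE_DIR/sshd_config.default"

# The comment line is the kind of hint proposed in the quoted message.
printf '%s\n' \
  '# we recommend using v2 whenever possible' \
  'Protocol 2,1' \
  'PermitRootLogin no' > "$PERMISSIVE_CFG"

printf '%s\n' \
  'Protocol 2' \
  'PermitRootLogin no' > "$HARDENED_CFG"

printf '%s\n' \
  '# no Protocol line at all; the compiled-in default decides' \
  'PermitRootLogin no' > "$DEFAULT_CFG"

# report FILE -> one-line human summary
report() {
    if sshd_allows_v1 "$1"; then
        echo "$1: Protocol $(sshd_protocol_setting "$1") -> SSHv1 still enabled"
    else
        echo "$1: Protocol $(sshd_protocol_setting "$1") -> v2 only"
    fi
}

for cfg in "$PERMISSIVE_CFG" "$HARDENED_CFG" "$DEFAULT_CFG"; do report "$cfg"; done
for b in 'SSH-1.99-OpenSSH_3.1' 'SSH-2.0-OpenSSH_3.1' 'SSH-1.5-OpenSSH_3.1'; do
    echo "$b -> $(ssh_proto_class "$b")"
done
```

To use the banner check against a live host, feed `ssh_proto_class` the first line a server sends on port 22 (for example from `nc host 22 </dev/null | head -1`); a fleet-wide sweep of those banners is the quickest way to find out how many `1.99` servers are still around before deciding whether to switch a config from `Protocol 2,1` to `Protocol 2`.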