Date: Fri, 28 Sep 2001 07:58:38 -0400 (EDT)
From: Robert Watson
To: Kris Kennaway
Cc: Mike Silbersack, Brian Feldman, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/crypto/openssh atomicio.h auth-chall.c auth2-chall.c canohost.h clientloop.h groupaccess.c groupaccess.h kexdh.c kexgex.c log.h mac.c mac.h misc.c misc.h pathnames.h
In-Reply-To: <20010928013527.A8101@xor.obsecurity.org>

On Fri, 28 Sep 2001, Kris Kennaway wrote:

> On Fri, Sep 28, 2001 at 01:58:57AM -0500, Mike Silbersack wrote:
> >
> > On Thu, 27 Sep 2001, Brian Feldman wrote:
> >
> > > The only difference between this and what's in -CURRENT is that the
> > > default /etc/ssh/ssh_config sets "Protocol 1,2" for all hosts. This can
> > > be overridden entirely in user ~/.ssh/config files, as always.
> >
> > Are there known compatibility problems with version 2 that this works
> > around, or is this just so that people don't get surprised when they need
> > to verify a new host key?
>
> If you change the protocol to 2,1 then your version 1 RSA keys won't
> be used by default because if the server can speak the ssh2 protocol
> then the client will try to auth with SSH2 keys first (which probably
> won't be set up to work, or may have different passphrases, etc) and
> then fall back to SSH2 password auth.

For a while I was having a problem where different versions of SSH
displayed different key fingerprints for the same RSA key (possibly it
depends on the protocol used?). I may have misunderstood the problem, but
if this does exist, has it been resolved? Also, any hope of agent
forwarding working with protocol 2 someday?

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services