From owner-cvs-all  Fri Sep 28  5:33:41 2001
Delivered-To: cvs-all@freebsd.org
Received: from green.bikeshed.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP
	id 45E7637B40C; Fri, 28 Sep 2001 05:33:36 -0700 (PDT)
Received: from localhost (green@localhost)
	by green.bikeshed.org (8.11.4/8.11.1) with ESMTP id f8SCXZX57348;
	Fri, 28 Sep 2001 08:33:35 -0400 (EDT)
	(envelope-from green@green.bikeshed.org)
Message-Id: <200109281233.f8SCXZX57348@green.bikeshed.org>
X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4
To: Kris Kennaway <kris@obsecurity.org>
Cc: Mike Silbersack <silby@silby.com>,
	Brian Feldman <green@FreeBSD.org>, cvs-committers@FreeBSD.org,
	cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/crypto/openssh atomicio.h auth-chall.c auth2-chall.c canohost.h clientloop.h groupaccess.c groupaccess.h kexdh.c kexgex.c log.h mac.c mac.h misc.c misc.h pathnames.h 
In-Reply-To: Message from Kris Kennaway <kris@obsecurity.org> 
   of "Fri, 28 Sep 2001 01:35:27 PDT." <20010928013527.A8101@xor.obsecurity.org> 
From: "Brian F. Feldman" <green@FreeBSD.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Fri, 28 Sep 2001 08:33:34 -0400
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG

Kris Kennaway <kris@obsecurity.org> wrote:
> On Fri, Sep 28, 2001 at 01:58:57AM -0500, Mike Silbersack wrote:
> > 
> > On Thu, 27 Sep 2001, Brian Feldman wrote:
> > 
> > >   The only difference between this and what's in -CURRENT is that the
> > >   default /etc/ssh/ssh_config sets "Protocol 1,2" for all hosts.  This can
> > >   be overrided entirely in user ~/.ssh/config files, as always.
> > 
> > Are there known compatibility problems with version 2 that this works
> > around, or is this just so that people don't get surprised when they need
> > to verify a new host key?
> 
> If you change the protocol to 2,1 then your version 1 RSA keys won't
> be used by default because if the server can speak the ssh2 protocol
> then the client will try to auth with SSH2 keys first (which probably
> wont be set up to work, or may have different passphrases, etc) and
> then fall back to SSH2 password auth.

My easy solution is just to hardlink .ssh/{identity,id_rsa}{.pub,}.

-- 
 Brian Fundakowski Feldman           \  FreeBSD: The Power to Serve!  /
 green@FreeBSD.org                    `------------------------------'



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message