From: Nate Williams
Date: Fri, 28 Sep 2001 08:46:01 -0600
To: Kris Kennaway
Cc: Mike Silbersack, Brian Feldman, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/crypto/openssh atomicio.h auth-chall.c auth2-chall.c canohost.h clientloop.h groupaccess.c groupaccess.h kexdh.c kexgex.c log.h mac.c mac.h misc.c misc.h pathnames.h
Message-ID: <15284.36137.254842.551909@nomad.yogotech.com>

> > > The only difference between this and what's in -CURRENT is that the
> > > default /etc/ssh/ssh_config sets "Protocol 1,2" for all hosts. This can
> > > be overridden entirely in user ~/.ssh/config files, as always.
> >
> > Are there known compatibility problems with version 2 that this works
> > around, or is this just so that people don't get surprised when they need
> > to verify a new host key?
>
> If you change the protocol to 2,1 then your version 1 RSA keys won't
> be used by default

Ok so far.

> because if the server can speak the ssh2 protocol
> then the client will try to auth with SSH2 keys first (which probably
> won't be set up to work, or may have different passphrases, etc) and
> then fall back to SSH2 password auth.

So, in other words, there is really no point in having both protocols
listed in the same line, since only one protocol is ever attempted.

A better description of the protocol line would be:

"Protocol 1"
*OR*
"Protocol 2"

Since in fact, it doesn't try the first protocol, and if it fails, then
try the second protocol. It always sticks with the primary protocol.

Nate