From owner-cvs-all  Fri Sep 28  7:46:18 2001
Delivered-To: cvs-all@freebsd.org
Received: from ns.yogotech.com (ns.yogotech.com [206.127.123.66])
	by hub.freebsd.org (Postfix) with ESMTP
	id 0C3AA37B407; Fri, 28 Sep 2001 07:46:09 -0700 (PDT)
Received: from nomad.yogotech.com (nomad.yogotech.com [206.127.123.131])
	by ns.yogotech.com (8.9.3/8.9.3) with ESMTP id IAA28197;
	Fri, 28 Sep 2001 08:46:02 -0600 (MDT)
	(envelope-from nate@nomad.yogotech.com)
Received: (from nate@localhost)
	by nomad.yogotech.com (8.8.8/8.8.8) id IAA24379;
	Fri, 28 Sep 2001 08:46:01 -0600 (MDT)
	(envelope-from nate)
From: Nate Williams <nate@yogotech.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <15284.36137.254842.551909@nomad.yogotech.com>
Date: Fri, 28 Sep 2001 08:46:01 -0600
To: Kris Kennaway <kris@obsecurity.org>
Cc: Mike Silbersack <silby@silby.com>,
	Brian Feldman <green@FreeBSD.org>, cvs-committers@FreeBSD.org,
	cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/crypto/openssh atomicio.h auth-chall.c auth2-chall.c canohost.h clientloop.h groupaccess.c groupaccess.h kexdh.c kexgex.c log.h mac.c mac.h misc.c misc.h pathnames.h
In-Reply-To: <20010928013527.A8101@xor.obsecurity.org>
References: <200109280133.f8S1Xr363615@freefall.freebsd.org>
	<20010928015644.N84277-100000@achilles.silby.com>
	<20010928013527.A8101@xor.obsecurity.org>
X-Mailer: VM 6.95 under 21.1 (patch 12) "Channel Islands" XEmacs Lucid
Reply-To: nate@yogotech.com (Nate Williams)
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG

> > >   The only difference between this and what's in -CURRENT is that the
> > >   default /etc/ssh/ssh_config sets "Protocol 1,2" for all hosts.  This can
> > >   be overrided entirely in user ~/.ssh/config files, as always.
> > 
> > Are there known compatibility problems with version 2 that this works
> > around, or is this just so that people don't get surprised when they need
> > to verify a new host key?
> 
> If you change the protocol to 2,1 then your version 1 RSA keys won't
> be used by default

Ok so far.

> because if the server can speak the ssh2 protocol
> then the client will try to auth with SSH2 keys first (which probably
> wont be set up to work, or may have different passphrases, etc) and
> then fall back to SSH2 password auth.

So, in other words, there is really no point in having both protocols
listed in the same line, since only one protocol is ever attempted.

A better description of the protocol line woudl be:

"Protocol 1"
*OR*
"Protocol 2"

Since in fact, it doesn't try the first protocol, and if it fails, then
try the second protocol.  It always sticks with the primary protocol.


Nate

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message