Hello, The latest SSH server available in Debian SID no longer allows connections from older SSH clients from just a few years ago.
Well, that's a good thing, some security experts might say, since those older versions of SSH have been found to have vulnerabilites and should no longer be used. Which would be a great argument if it were always possible to run the latest operating system on all platforms. The problem is that some of those SSH clients live in operating systems that can't be upgraded, such as Mac OS 10.6.8 (Snow Leopard) or Mac OS 10.13.6 (High Sierra) on some hardware. Sometimes, older SSH clients can be made to work by adjusting ssh_config on the client or sshd_config on the server (to change the allowed cyphers, for example), but sometimes, and more recently, even that doesn't work. And often scp just doesn't work at all, even when ssh does. I would suggest that even a ten-year-old version of ssh is more secure than telnet or ftp. But I'm using telnet and ftp routinely now on new installations whenever I can't get ssh to work. It would be nice if there were a "--legacy" or similar option for sshd to allow connections from older clients. This isn't much of an issue for m68k, since most of those systems are too slow to support ssh very well, anyway, but powerpc/powerpc64 systems support ssh just fine. I should probably send this request to the SSH upstream developers, but it's likely that none of them would be interested in bringing back older features that are deemed to be less secure, unless a major distribution (such as Debian) supports the effort. I could also install my own copy of an older version of SSH, but sooner or later older versions will no longer compile on modern GNU/Linux distributions. Or I could just keep using telnet and ftp over already-secure internal networks. -Stan Johnson
