Thus spake Lucky Green <[EMAIL PROTECTED]>:
... remove ssh1 fallback from the default ...
David Schultz <[EMAIL PROTECTED]> wrote:
Removing SSH 1 ... is going to break compatibility ...
Tim Kientzle <[EMAIL PROTECTED]>:
POLA: before breaking compatibility, warn people.
... "Warning: switching to less-secure SSH1 protocol"
David Schultz wrote:
I think you're missing the point. Warnings are fine, but there is
little good reason to disable SSH1 entirely.
_I_ was actually arguing against disabling SSH1.
I'm on your side.
If one end of the connection is forced to fall back
to SSH1, it's almost certainly because the user at
the other end _doesn't_have_any_other_option_.
I don't really agree with this point. SSH2 and OpenSSH
compile most everywhere now. I would argue that if
one end is forced to fall back, it's because the admins
of that system either don't know about SSH1's problems
or don't believe those problems merit upgrades.
I know SSH1 is insecure, and therefore I don't use it.
Unfortunately, not everyone is so knowledgeable. A
brief warning would help spread the news and (hopefully)
help accelerate the transition to SSH2.
... you'd better have a better reason
to do it than ``it lets people do things that are insecure.'' So
do rsh, telnet, hosts.equiv, vipw, et al.
Yes, although telnet and rsh are both disabled in default
FreeBSD installations in 4.7 at least and probably earlier.
So far, I've not heard a lot of complaints. (But there
have been several years now of pounding the 'telnet is evil'
mantra into people's heads.)
Tim Kientzle