> On 30 Jan 2017, at 20:52, heasley <h...@shrubbery.net> wrote:
>
> That is sad; I doubt that I am the only one who would need this - there
> are millions of Cisco, HP, and etc network devices that folks must continue
> to access but will never receive new firmware with sshv2. It takes a long
> time for some equipment to transition to the recycle bin - even after
> vendor EOLs.

I get your point, but there are other ways to go about this. The right way to go about it would IMHO be fairly simple:

If you have few boxes, bin them. If they’re not getting firmware updates, ssh v1 isn’t your only problem.

If you have too many critical or expensive boxes to make that practical, you can probably afford a Soekris, Raspberry Pi or similar, that you can keep at FreeBSD 10, and use as a jump host. Which you should probably have anyway, if your equipment is no longer getting updates.

Either way; problem solved, and relatively cleanly so.

“We have that crud over there, so we must keep this crud over here” really isn’t the way to move security forward, especially not when better solutions are easily available. SSH2 has been around for a decade now, it’s time to let go of SSH1, at least in primary systems.

Terje

_______________________________________________
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"