authorized_keys2 directory idea

Rob Hagopian rob at
Tue Jun 5 06:25:49 EST 2001

>From FreeBSD-SA-01:24.ssh.asc:

"If you are running sshd, disable the use of the SSH1 protocol in
OpenSSH.  SSH1 contains inherent protocol deficiencies and is not
recommended for use in high-security environments.  Note that some
third-party SSH clients are not capable of using the SSH2 protocol,
however the OpenSSH client (version 2.1 and later) included in FreeBSD
is SSH2-capable."

No, it doesn't matter to me, although all of our higher security boxes
have ssh1 turned off.

It does worry me that openssh still has a significant amount of
v1.2.xx code in it. I'm sure it's been audited a number of times, but
problems have still cropped up in it recently...

On Mon, 4 Jun 2001, Markus Friedl wrote:

> On Mon, Jun 04, 2001 at 12:27:20PM -0400, Rob Hagopian wrote:
> > So now security decisions are made via stats user stats and not on the
> > security merits? That's in direct contradiction to your reasoning for
> > excluding this patch.
> what's wrong with protocol v1? does it matter to you?

More information about the openssh-unix-dev mailing list