FYI: SSH1 now disabled at compile-time by default

Nico Kadel-Garcia nkadel at gmail.com
Wed Mar 25 14:00:22 AEDT 2015


On Tue, Mar 24, 2015 at 10:37 PM, Dan Kaminsky <dan at doxpara.com> wrote:
> On Tuesday, March 24, 2015, Damien Miller <djm at mindrot.org> wrote:
>
>> On Tue, 24 Mar 2015, Dan Kaminsky wrote:
>>
>> > Hmm.  Feels a little aggressive for ssh client.  Support heartily for
>> sshd.
>>
>> People who need it can build their own, or OS vendors might supply a
>> non-default v.1 capable client binary themselves.
>>
>> IMO it's time to apply some selection pressure to a protocol that can't
>> be secured.
>>
>> -d
>>
>
> I'm getting some numbers, standby

If it's disabled by default in any major distributions, it's going to
break a lot of git repositories, svn+ssh repositories, and rsync
environments. Can it wait until version 7, instead of being slipped
into a minor update?


More information about the openssh-unix-dev mailing list