FYI: SSH1 now disabled at compile-time by default

Iain Morgan imorgan at nas.nasa.gov
Fri Mar 27 06:43:40 AEDT 2015


On Thu, Mar 26, 2015 at 11:55:18 -0700, Dan Kaminsky wrote:
> You're right.  My argument is the next build of OpenSSH should be
> OpenSSH 7, and the one after that 8, then 9, then 10.  No minor releases?
> Sure, go ahead.  Deprecate the point,
> 
> Do you manage any machines running SSHv1?
> 

If by "running" you mean accepting SSH1, of course not. From a security
perspective, no one should be using SSH1.

For those who, for whatever reason, need to support systems that only
support SSH1, there are already sufficient solutions that have been
noted multiple times on this list.

Those who are still using SSH1 have already demonstrated the fact that
they are slow to embrace new technology, so I would not be surprised to
find that the majority of them are also slow to upgrade to newer
versions of OpenSSH. I would also not be surprised to find that many of
them are still using telnet to manage their routers.

-- 
Iain Morgan


More information about the openssh-unix-dev mailing list