FYI: SSH1 now disabled at compile-time by default

Alex Bligh alex at alex.org.uk
Fri Mar 27 07:11:28 AEDT 2015


On 26 Mar 2015, at 19:43, Iain Morgan <imorgan at nas.nasa.gov> wrote:
> Those who are still using SSH1 have already demonstrated the fact that
> they are slow to embrace new technology, so I would not be surprised to
> find that the majority of them are also slow to upgrade to newer
> versions of OpenSSH. I would also not be surprised to find that many of
> them are still using telnet to manage their routers.

Really?

I use ssh2 everywhere (obviously). Occasionally I need to connect to
an old Cisco box that cannot be upgraded to support new ssh protocols
because the flash is not large enough. It's locked down by IP
address, and behind a firewall, but the only option other than ssh is
telnet. I'd like my normal client to support sshv2 and sshv1. I don't mind
having to explicitly request this on the command line, nor do
I mind warnings. I don't think this use case is particularly unusual
given ssh is a 'swiss army knife' tool. Does the fact I still like
my odd-tool-that-removes-the-stones-from-horses'-hooves make me
slow to embrace the shiny sharp blade?

Or (to put this another way) - fine, disable at compile-time
by default if you want. But please also make it possible to
have it compiled in but produce a warning and require explicit
confirmation or something. This would encourage the distros
to choose either one of those things, rather than simply
change the compilation option back.

-- 
Alex Bligh






More information about the openssh-unix-dev mailing list