FYI: SSH1 now disabled at compile-time by default

Iain Morgan imorgan at nas.nasa.gov
Fri Mar 27 07:59:27 AEDT 2015


On Thu, Mar 26, 2015 at 20:11:28 +0000, Alex Bligh wrote:
> 
> On 26 Mar 2015, at 19:43, Iain Morgan <imorgan at nas.nasa.gov> wrote:
> > Those who are still using SSH1 have already demonstrated the fact that
> > they are slow to embrace new technology, so I would not be surprised to
> > find that the majority of them are also slow to upgrade to newer
> > versions of OpenSSH. I would also not be surprised to find that many of
> > them are still using telnet to manage their routers.
> 
> Really?
> 
> I use ssh2 everywhere (obviously). Occasionally I need to connect to
> an old Cisco box that cannot be upgraded to support new ssh protocols
> because the flash is not large enough. It's locked down by IP
> address, and behind a firewall, but the only option other than ssh is
> telnet. I'd like my normal client to support sshv2 and sshv1. I don't mind
> having to explicitly request this on the command line, nor do
> I mind warnings. I don't think this use case is particularly unusual
> given ssh is a 'swiss army knife' tool. Does the fact I still like
> my odd-tool-that-removes-the-stones-from-horses-hooves make me
> slow to embrace the shiny sharp blade?
> 
> Or (to put this another way) - fine, disable at compile-time
> by default if you want. But please also make it possible to
> have it compiled in but produce a warning and require explicit
> confirmation or something. This would encourage the distros
> to choose either one of those things, rather than simply
> change the compilation option back.
> 
> -- 
> Alex Bligh
> 

So, there's already a compile-time option to enable SSH1 support. And, I
rather suspect that some OS distributors will enable that option by
default and others might provide both flavors. This is merely a change
to the default for OpenBSD and stock portable OpenSSH.

-- 
Iain Morgan
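The per-host opt-in Alex asks for can already be expressed on the client side with the `Protocol` option in `ssh_config`, on a client built with SSH1 support (the compile-time option Iain refers to). The fragment below is an added example, not from the thread or the OpenSSH project; the hostname is an assumed placeholder. It keeps protocol 2 as the default everywhere and scopes protocol 1 to the single legacy device, so a typo in a hostname cannot silently downgrade other connections.

```sshconfig
# ~/.ssh/config (added example; hostname is a placeholder)
#
# ssh uses the FIRST value obtained for each option, so the specific
# stanza must come before the catch-all "Host *" block.

# The one legacy device that cannot be upgraded: explicit, scoped opt-in.
Host legacy-cisco.example.internal
    Protocol 1

# Everything else: protocol 2 only. Listing "Host *" last means it only
# fills in options that no earlier, more specific stanza has set.
Host *
    Protocol 2
```

With this in place, `ssh legacy-cisco.example.internal` negotiates protocol 1 and every other connection refuses anything but protocol 2; putting `Protocol 2,1` under `Host *` instead would let any server offer a downgrade. The stanza only does anything on a client that still has protocol 1 compiled in, which is exactly the build-time decision this thread is about.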
