FYI: SSH1 now disabled at compile-time by default

Dan Kaminsky dan at doxpara.com
Fri Mar 27 08:05:08 AEDT 2015


So, this isn't your problem and you don't respect the people's whose
problem it is.

On Thu, Mar 26, 2015 at 12:43 PM, Iain Morgan <imorgan at nas.nasa.gov> wrote:

> On Thu, Mar 26, 2015 at 11:55:18 -0700, Dan Kaminsky wrote:
> > You're right.  My argument the is the next build of OpenSSH should be
> > OpenSSH 7, and the one after that 8, then 9, then 10.  No minor releases?
> > Sure, go ahead.  Deprecate the point,
> >
> > Do you manage any machines running SSHv1?
> >
>
> If by "running" you mean accepting SSH1, of course not. From a security
> perspective, no one should be using SSH1.
>
> For those who, for whatever reason, need to support systems that only
> support SSH1, there are already sufficient solutions that have been
> noted multiple times on this list.
>
> Those who are still using SSH1 have already demonstrated the fact that
> they are slow to embrace new technology, so I would not be surprised to
> find that the majority of them are also slow to upgrade to newer
> versions of OpenSSH. I would also not be surprised to find that many of
> them are still using telnet to manage their routers.
>
> --
> Iain Morgan
>


More information about the openssh-unix-dev mailing list