FYI: SSH1 now disabled at compile-time by default

Hubert Kario hkario at redhat.com
Sat Mar 28 01:02:05 AEDT 2015


On Friday 27 March 2015 14:45:13 Gert Doering wrote:
> Hi,
> 
> On Fri, Mar 27, 2015 at 02:36:50PM +0100, Hubert Kario wrote:
> > > Same thing with needing sshv1 to access old network gear where even sshv1
> > > was an achievement.  "Throw away gear that does its job perfectly well,
> > > but has no sshv2 for *management*" or "keep around an ssh v1 capable
> > > client"?
> > 
> > If you depend on hardware like this, you should have support* for it.
> > Exactly because of issues like this.
> > 
> >  * - where "support" means that either you have other people responsible
> >  for fixing it or that you can hire other people to fix it as the need
> >  arises
>
> Try opening a case with HP that their ILO is broken and stupid, and they
> will happily sell you a new machine with a less broken ILO (or "differently"
> broken), but not do stuff like "add sane ciphers to an ILO2".  Same for
> Cisco - of course you can buy a new machine with SSHv2, but for the old
> one, they will do hardware replacement if it breaks, but no "new features
> in the software"...

then vote with your wallet

as long as you keep buying broken hardware, they will keep selling broken 
hardware

> Yes, it would be so cool if we could just pay someone to put Linux on
> our routing gear and give us a SSHv2 server (without breaking the functions
> that the device is important for, like "routing").  Right.

Linux can work as a router. And nowadays most network appliances are just 
regular x86 PCs with a nice GUI on top.

-- 
Regards,
Hubert Kario