FYI: SSH1 now disabled at compile-time by default
Hubert Kario
hkario at redhat.com
Tue Mar 31 02:13:17 AEDT 2015
On Friday 27 March 2015 15:14:56 Gert Doering wrote:
> Hi,
>
> On Fri, Mar 27, 2015 at 03:02:05PM +0100, Hubert Kario wrote:
> > > > * - where "support" means that either you have other people responsible for
> > > > fixing it or that you can hire other people to fix it as the need arises
> > >
> > > Try opening a case with HP that their ILO is broken and stupid, and they
> > > will happily sell you a new machine with a less broken ILO (or
> > > "differently" broken), but not do stuff like "add sane ciphers to an
> > > ILO2". Same for Cisco - of course you can buy a new machine with
> > > SSHv2, but for the old one, they will do hardware replacement if it
> > > breaks, but no "new features in the software"...
> >
> > then vote with your wallet
> >
> > as long as you keep buying broken hardware, they will keep selling broken
> > hardware
>
> There's the thing about "primary functions" and "secondary functions".
>
> For a server, ILO/IPMI is a secondary function, and no sane company is
> going to buy something that is less good at its primary function just
> to get something better for secondary functions. Besides, *all* the
> remote management solutions are total sh*t, like "most IPMIs happily
> giving anyone who asks a full list of accounts + passwords" and stuff
> like that - so ILO is actually among the better ones.
>
> For a router, things like "forwarding plane and routing protocol support"
> and "user interface that the people running the network know how to
> operate *and debug*" are critical elements, while "SSHv2" or "SSH with
> pub key authentication" are definitely nice-to-haves, but won't make
> anyone switch vendors.
That's true, unless the servers and routers were planned to be administered
remotely or using automated scripting from day 1...
--
Regards,
Hubert Kario
More information about the openssh-unix-dev mailing list