An update on SSH protocol 1
djm at mindrot.org
Tue May 3 22:33:29 AEST 2016
At this stage, we're most of the way towards fully deprecating
SSH protocol 1 - this outlines our plans to complete this task.
We've had this old protocol in various stages of deprecation for almost
10 years and it has been compile-time disabled for about a year.
Downstream vendors, to their credit, have included this change in recent
OS releases by shipping OpenSSH packages that disable protocol 1 by
default and/or offering separate, non-default packages to enable it.
This seems to have proceeded far more smootly than even my most
optimisitic hopes, so this gives us greater confidence that we can
complete the removal of protocol 1 soon. We want to do this partly to
hasten the demise of this cryptographic trainwreck, but also because
doing so removes a lot of legacy code from OpenSSH that inflates our
attack surface. Having it gone will make our jobs quite a bit easier
as we maintain and refactor.
So here are our plans. Dates are estimates only.
* June 2016
Release OpenSSH 7.3. SSH protocol 1 is unchanged. We start mention
these plans in the release notes to give them wider publicity.
* August 2016
Release OpenSSH 7.4. Server-side support for SSHv1 is removed from
our codebase. Client support remains disabled by default.
* June 2017
OpenSSH removes all SSH protocol 1 support.
So this is just over a year of notice ahead of final deprecation. After
we release OpenSSH without SSHv1 support, users who absolutely need it
would have to use a prior version of OpenSSH or some other
We recognise that this may leave some users without a supported client
for their protocol v1 hosts, but we feel that >10 years of transition
is time enough.
Feedback is welcome.
Damien Miller (on behalf of the team)
More information about the openssh-unix-dev