Compatibility issue: OpenSSH v2.3.0p1 vs. 3.0.2: RSA keys

Ulrich Windl Ulrich.Windl at
Wed Mar 6 21:58:40 EST 2002

On 6 Mar 2002, at 11:50, Gert Doering wrote:

> Hi,
> On Wed, Mar 06, 2002 at 10:13:15AM +0100, Ulrich Windl wrote:
> > > > Password login worked fine, but a password for an existing and 
> > > > configured RSA1 key was never asked, the key never tried. It always 
> > > > fell back to plain password authentication.
> > > > 
> > > > After fiddling with the client configuration without success, I found 
> > > > out that using "ssh -1" made the client succeed.
> > > 
> > > RSA1 keys won't be used on "-2" connections, they're protocol 1 only.
> > > 
> > > So without "-1" you effectively do not *have* a key, and thus ssh won't
> > > ask you for a password.
> > 
> > However if you disable plain password in the client's configuration, no 
> > connection can be made using the auto-negotiated protocol, while the v1 
> > protocol would work just fine.
> That's the way it is.  V2 is the default now (documented in the release
> notes to 2.9, if I remember correctly), and it won't use V1 keys.
> > The problem seems to be that OpenSSH uses version numbers to decide 
> > about features, while an explicit feature list would be the way to go.
> > OpenSSH will never know all the implementations of the SSH protocol.
> I can't follow you here.  The server states what protocols it can do, and
> the client knows which one it prefers in case there are multiple options.

If the server can do v1 RSA keys, and the client can, but the server 
cannot do v2 password, why is the "default" used, and not the 
negotiated (i.e. v1 RSA key).

I mean protocol version is one constant, but security policy is a 
variable. If the server announces to accept RSA1 keys, and the client 
can use it, why not?

> If you want to stay with protocol 1 for servers that support it, put
> "protocol 1,2"
> into your ssh_config file.  Then ssh will default to "-1" and fall back to
> "-2" for servers that don't support ssh protocol 1 (and of course your
> key won't work then, no matter how much you complain - protocol 1 keys
> *do not work* with protocol 2).

Almost: If the client would fall back to v1 if v2 failed to establish a 
connection (no authentication method available), it would be fine. If a 
good negotiation took place, the right protocol would be used 

I still think that at least within OpenSSH the compatibility should be 
as good as possible.


More information about the openssh-unix-dev mailing list