Subject: Re: Proposal: Disable SSHd Protocol v1 by Default (WAS: Re: ssh
To: Johan A. van Zanten <johan@ewranglers.com>
From: Curt Sampson <cjs@cynic.net>
List: netbsd-users
Date: 03/15/2002 11:35:30

On Thu, 14 Mar 2002, Johan A. van Zanten wrote:

> So then it seems as if you are suggesting that v1 be disabled in the
> default NetBSD config.,

Ok, I'm still unclear as to exactly what advantage V2 has over V1,
besides that CRC insertion attack. (Not that that isn't good enough
reason to switch to V2.)

> and additionally, that "StrictHostKeyChecking"
> be set to "yes". Is that correct? Anything else?

Changing StrictHostKeyChecking from "ask" to "yes" provides no
security advantage, as far as I can see. It just changes the user
interface slightly; you have to type "ssh -o 'StrictHostKeyChecking
no' host.example.com" instead of just typing "yes" when prompted.

cjs
-- 
Curt Sampson  <cjs@cynic.net>   +81 90 7737 2974   http://www.netbsd.org
    Don't you know, in this new Dark Age, we're all light.  --XTC