Subject: Re: Proposal: Disable SSHd Protocol v1 by Default (WAS: Re: ssh
To: NetBSD Security Technical Discussion List <tech-security@NetBSD.ORG>
From: Brian A. Seklecki <lavalamp@spiritual-machines.org>
List: netbsd-users
Date: 03/15/2002 07:36:26
On Thu, 14 Mar 2002, Greg A. Woods wrote:
> a "grep" without piping it to the pager and it spews far more than I
> expect) is immensely valuable. The fact that chatty protocols like CVS,
> X11, rsync, etc. actually work correctly through SSH tunnels even in the
> face of congestion and packet loss is a major improvement too. It is
> sad for me to learn that OpenSSH has botched flow control support in its
the client already presently defaults to trying 2, failing back to 1.
-lava
> v2 implementation (though it makes me thankful for the choice I made to
> not use OpenSSH! :-).
>
> As for disabling v1 support, well I've done that for my servers, and now
> with SSH-v3.0 and newer there's internal emulation of the v1 client
> protocol so my new clients can still talk to devices running older
> servers that cannot be as easily upgraded.
>
> --
> Greg A. Woods
>
> +1 416 218-0098; <gwoods@acm.org>; <g.a.woods@ieee.org>; <woods@robohack.ca>
> Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>
>
later - | _BonaFide[] = { coder, author, | /~\ The ASCII Ribbon
Brian A. Seklecki | problem solver, scholar, BOFH, | \ / Campaign Against
| vegetarian, runner, NetBSD | X Exchange, Outlook
| advocate, spiritual machine }; | / \ & HTML Email
"GNU/EMACS: The only app to ever come with docs bigger than the binary"