Subject: Re: Off-Topic: NiftyTelnet with SSHv2 question
To: gabriel rosenkoetter <gr@eclipsed.net>
From: Henry B. Hotz <hotz@jpl.nasa.gov>
List: port-mac68k
Date: 09/22/2000 10:52:38

Thanks for the response.  I forwarded part of it to the JPL-sysadmin 
mailing list.  Seems a lot of JPL SA's are sticking to ssh1 even 
though we have a free site license to ssh2 because they need to 
support Mac clients and they think they can't run both.

At 10:09 AM -0400 9/22/00, gabriel rosenkoetter wrote:
>On Thu, Sep 21, 2000 at 10:44:59AM -0700, Henry B. Hotz wrote:
> > Does it work?  I seem to recall something said a long time ago about
> > it working, but only if you configured the fallback in some specific
> > way.
>
>As I recall, NiftyTelnet has only the ssh1 protocol. That may have
>changed recently, though.

No change, though there is a new, free, unrelated ssh2 client that 
doesn't quite work yet.  (It was announced on the mac-crypto list.) 
Unlike the F-secure clients, NiftyTelnet supports scp.

>But don't use ssh.com's software. They have a non-nice license and
>various bugs. Use OpenSSH (installing from pkgsrc should work fine,
>did on the couple of mac68ks in my cluster here, but they're 1.4.2 not
>1.5anything) instead. It supports both protocols in the same server
>and is generally better-written. (No personal offense meant to Tatu,
>but the ssh.com thing is way out of his hands these days.)

I'm running 1.2.27 on Solaris, and on NetBSD/macppc 1.5 alpha 1.  My 
remaining Mac68k box is only a IIcx and probably couldn't handle it 
well.  Almost all of the client connections in my case are from MacOS 
so there seems little reason to figure out why people think SSH2 is 
better.  I'm interested to see that OpenSSH is now getting 
recommendations that it may be ready for prime time.

For NetBSD I'm using the pkgsrc-patched-source, but I had to do the 
configure and install the old-fashioned way in order to get .rhosts 
authentication to work.  The only difference I see that might matter 
is --without-rsh.  Why anyone would want to run ssh with rsh fallback 
escapes me since that would defeat the whole point of ssh.  Why the 
default configuration isn't --without-rsh *really* escapes me.


Signature held pending an ISO 9000 compliant
signature design and approval process.
h.b.hotz@jpl.nasa.gov, or hbhotz@oxy.edu
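
Added example, not part of the original message or of any ssh distribution: the runtime counterpart of the --without-rsh build flag discussed above is a check of client configuration for options that allow a session to drop to cleartext rsh. The keyword names FallBackToRsh and UseRsh are assumed from ssh 1.2.x-era ssh_config, and the sample input is constructed.

```sh
#!/bin/sh
# Added example (not from the original message). Reads ssh_config-style text
# on stdin and reports client options that let a session drop to cleartext rsh.
# Keyword names FallBackToRsh and UseRsh are assumed from ssh 1.2.x-era
# ssh_config; they are not quoted in the message itself.
audit_rsh_fallback() {
    awk '
    BEGIN { host = "(global)" }
    {
        line = $0
        gsub(/^[ \t]+|[ \t]+$/, "", line)       # trim surrounding whitespace
        if (line == "" || line ~ /^#/) next     # skip blanks and comments
        n = split(line, f, /[ \t=]+/)           # accepts "Key value" and "Key=value"
        if (n < 2) next
        key = tolower(f[1])                     # keywords are case-insensitive
        if (key == "host") {                    # remember the current Host block
            host = line
            sub(/^[^ \t=]+[ \t=]+/, "", host)
            next
        }
        if ((key == "fallbacktorsh" || key == "usersh") && tolower(f[2]) == "yes")
            printf "line %d: Host %s: %s yes\n", NR, host, f[1]
    }'
}

# Constructed sample input, not taken from any real host.
sample_ssh_config() {
    cat <<'EOF'
# constructed sample
Host *.example.org
    FallBackToRsh no
Host legacy
    UseRsh yes
Host *
    fallbacktorsh=yes
    Compression yes
EOF
}

sample_ssh_config | audit_rsh_fallback
```

In ssh_config the first value obtained for a keyword is the one used, so a hit in an early Host block matters even when a later block sets the option to no.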