> You want to run SSHv2. Believe me.

> And, again, you do not want to run SSHv1.  If you insist on using V1,
> use telnet ;)

Why?  All the attacks against v1 that I have heard of are either
social-engineering MitM attacks that depend on either the client not
already having the server's host key or the human ignoring the client's
warning about a changed host key, or pure DoS attacks that inject
unpredictable (to the attacker) garbage into the data stream.  All of
them require sniffer-and-injector-level access to the packet stream
between server and client.  The MitM attacks work equally well against
v2, and there are plenty of environments where the garbage-injection
attack is significantly outside the threat model of concern - like my
house LAN.

If you know of anything else, I'd very much appreciate hearing more
details.  I'm getting awfully tired of hearing the "don't use v1"
mantra repeated by people who don't seem to actually understand it.
(Perhaps you're not in that category, but I can't tell, since you
provided no significant information.)

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B