Subject: Re: Proposal: Disable SSHd Protocol v1 by Default (WAS: Re: ssh config path change (/etc -> /etc/ssh))
To: Curt Sampson <cjs@cynic.net>
From: None <xs@kittenz.org>
List: tech-security
Date: 03/15/2002 11:56:30
On Fri, Mar 15, 2002 at 11:35:30AM +0900, Curt Sampson wrote:
> On Thu, 14 Mar 2002, Johan A. van Zanten wrote:
> 
> > So then it seems as if you are suggesting that v1 be disabled in the
> > default NetBSD config.
> 
> Ok, I'm still unclear as to exactly what advantage V2 has over V1,
> besides that CRC insertion attack. (Not that that isn't good enough
> reason to switch to V2.)

http://www.snailbook.com/faq/ssh-1-vs-ssh-2.auto.html

Notably:
    * Separate keys for each direction
    * Rekeying (Although an sshd option to enforce this to a certain period
      of time or amount of traffic would be nice, but that could just be my
      lack of RTFM'ing.)
    * Extensible wrt crypto algos ("All algorithms based around idea xyz
      have a flaw!" "ok, switch to something else, no need to wait for
      major hackery of the protocol specs")
    * Multiple forms of auth ("I want all users to use s/key with RSA keys")

(As a side note, it looks like openssh might finally get (some) privilege
 separation:
 http://www.citi.umich.edu/u/provos/ssh/privsep.html)
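An added example (mine, not from the thread): a small Python audit of an sshd_config that reports whether protocol 1 is still enabled, explicitly or through the era's `2,1` default, and whether a RekeyLimit is set. The `2,1` default and the server-side RekeyLimit keyword (OpenSSH 6.2 and later; Protocol itself went away in 7.6 along with v1) are assumptions about the OpenSSH version, and the config text is constructed.

```python
import re

# Constructed sshd_config text for this example (not any real host's file).
# The admin appended "Protocol 2" at the bottom, but sshd uses the FIRST
# value it sees for a keyword, so the earlier "2,1" line still wins.
SAMPLE_CONFIG = """\
Port 22
#Protocol 2        <- commented out, ignored
Protocol 2,1
PermitRootLogin no
Protocol 2
"""

# Assumption: the OpenSSH of that era defaulted to "2,1" when no Protocol
# line was present. (Protocol was removed in 7.6 along with v1 support.)
DEFAULT_PROTOCOL = "2,1"


def parse_sshd_config(text):
    """Map lowercased keyword -> first value, as sshd itself resolves it.

    Comment and blank lines are skipped; 'Keyword value' and 'Keyword=value'
    forms are both accepted. Match blocks are not modelled (Protocol is a
    global-only keyword anyway).
    """
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        cfg.setdefault(key, value)  # first occurrence wins, like sshd
    return cfg


def audit_protocol(text):
    """Return a list of findings; empty means v1 is off and rekeying is bounded."""
    cfg = parse_sshd_config(text)
    explicit = "protocol" in cfg
    protocol = cfg.get("protocol", DEFAULT_PROTOCOL)
    versions = {v.strip() for v in protocol.split(",")}
    findings = []
    if "1" in versions:
        how = "explicit" if explicit else "implicit default"
        findings.append(f"protocol v1 enabled ({how} Protocol {protocol})")
    # Assumption: a server-side RekeyLimit keyword exists (OpenSSH 6.2+);
    # without it, rekeying is left entirely to the client.
    if "rekeylimit" not in cfg:
        findings.append("no RekeyLimit set; rekeying is left to the client")
    return findings


if __name__ == "__main__":
    for finding in audit_protocol(SAMPLE_CONFIG):
        print("WARNING:", finding)
```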