Subject: Re: Proposal: Disable SSHd Protocol v1 by Default (WAS: Re: ssh config path change (/etc -> /etc/ssh))
To: Curt Sampson <cjs@cynic.net>
From: None <xs@kittenz.org>
List: tech-security
Date: 03/15/2002 11:56:30
On Fri, Mar 15, 2002 at 11:35:30AM +0900, Curt Sampson wrote:
> On Thu, 14 Mar 2002, Johan A. van Zanten wrote:
>
> > So then it seems as if you are suggesting that v1 be disabled in the
> > default NetBSD config.
>
> Ok, I'm still unclear as to exactly what advantage V2 has over V1,
> besides that CRC insertion attack. (Not that that isn't good enough
> reason to switch to V2.)
http://www.snailbook.com/faq/ssh-1-vs-ssh-2.auto.html
Notably:
* Separate keys for each direction
* Rekeying (Although a sshd option to enforce this to a certain period
of time or amount of traffic would be nice, but that could just be my
lack of RTFM'ing.)
* Extensible wrt crypto algos ("All algorithms based around idea xyz
have a flaw!" "ok, switch to something else, no need to wait for
major hackery of the protocol specs")
* Multiple forms of auth ("I want all users to use s/key with RSA keys")
(As a side note, it looks like openssh might finally get (some) privilege
separation:
http://www.citi.umich.edu/u/provos/ssh/privsep.html)
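Two defender-side checks for the question this thread is about (whether an sshd still accepts protocol 1), as an added example that is not part of the original post: a static read of sshd_config and a classification of the server's identification string. It assumes a POSIX shell with awk and, for the live-banner helper only, a netcat that accepts -w.

```shell
#!/bin/sh
# Added example (not from the original post): find out whether sshd still
# speaks SSH protocol 1.

# 1. Static check of sshd_config. OpenSSH uses the FIRST "Protocol" directive
#    it finds, keywords are case-insensitive, and '#' lines are comments.
#    With no Protocol line at all, OpenSSH of the 2002 era defaulted to
#    "2,1", so an absent directive counts as v1 enabled.
#    Prints "v1-enabled" or "v2-only".
sshd_config_v1_status() {
    proto=$(awk 'tolower($1) == "protocol" { print $2; exit }' "$1")
    case "${proto:-2,1}" in
        *1*) echo "v1-enabled" ;;
        *)   echo "v2-only" ;;
    esac
}

# 2. Classify a server's identification string (RFC 4253 section 4.2). A
#    server that accepts both protocols announces itself as "SSH-1.99-...",
#    so that banner means v1 is still reachable even though v2 is preferred.
ssh_banner_status() {
    case "$1" in
        SSH-1.99-*) echo "v1-enabled" ;;   # both v1 and v2 accepted
        SSH-2.0-*)  echo "v2-only" ;;
        SSH-1.*)    echo "v1-only" ;;
        *)          echo "unknown"; return 1 ;;
    esac
}

# Read the banner from a host you administer: sshd sends its identification
# line first, so one line is enough. Assumes netcat with -w (idle timeout).
fetch_ssh_banner() {
    nc -w 3 "$1" "${2:-22}" </dev/null | head -n 1 | tr -d '\r'
}

# Constructed sample config: a commented line, then v1 still enabled, then a
# later "Protocol 2" that OpenSSH would ignore because the first one wins.
demo() {
    tmp=$(mktemp)
    printf '# Protocol 2\nprotocol 2,1\nProtocol 2\n' > "$tmp"
    sshd_config_v1_status "$tmp"
    rm -f "$tmp"
    ssh_banner_status "SSH-1.99-OpenSSH_3.1"
}
```

Running `demo` reports "v1-enabled" twice; to check a real host, pipe `fetch_ssh_banner host` into `ssh_banner_status`.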