ssh?
Todd Zullinger
tmz at pobox.com
Fri Jun 20 03:04:59 UTC 2008
Cameron Simpson wrote:
> Actually a modern ssh will get ssh2 keys from authorized_keys. To
> lock it down you should specify "Protocol 2" in the sshd_config
> file, thus forbidding ssh1 in the sshd config, and not by luck with
> the key file.
FWIW, this has been the default in openssh for a bit over a year now.
The sshd_config that is shipped in Fedora's packages contains this:
# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2
The upstream openssh change was made in this commit:
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config.diff?r1=1.74&r2=1.75
--
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
It is better to weep with wise men than to laugh with fools.
-- Spanish Proverb
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 542 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20080619/4172f0cd/attachment-0001.sig>
More information about the fedora-list
mailing list