ssh?

Todd Zullinger tmz at pobox.com
Fri Jun 20 03:04:59 UTC 2008


Cameron Simpson wrote:
> Actually a modern ssh will get ssh2 keys from authorized_keys.  To
> lock it down you should specify "Protocol 2" in the sshd_config
> file, thus forbidding ssh1 in the sshd config, and not by luck with
> the key file.

FWIW, this has been the default in openssh for a bit over a year now.
The sshd_config that is shipped in Fedora's packages contains this:

# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2

The upstream openssh change was made in this commit:

http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config.diff?r1=1.74&r2=1.75

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
It is better to weep with wise men than to laugh with fools.
    -- Spanish Proverb

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 542 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20080619/4172f0cd/attachment-0001.sig>


More information about the fedora-list mailing list