Bug 88329
| Summary: | RFE openssh daemon enables protocol 1 by default | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Kevin J. Miller <kjmiller> |
| Component: | openssh | Assignee: | Tomas Mraz <tmraz> |
| Status: | CLOSED RAWHIDE | QA Contact: | Brian Brock <bbrock> |
| Severity: | medium | Docs Contact: | |
| Priority: | high | ||
| Version: | rawhide | CC: | laroche, mgb, mjc, p.van.egdom |
| Target Milestone: | --- | Keywords: | FutureFeature |
| Target Release: | --- | ||
| Hardware: | i386 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | openssh-3.9p1-10 | Doc Type: | Enhancement |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2005-02-08 15:38:32 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
I agree, I have been having to disable it manually on all the machines I administrate. I have even found putty using ssh1 by default. So this just isn't a case of when people use ssh1 on purpose. Whilst protocol version 1 has some 'known security issues' in general these did not affect OpenSSH. For example looking at http://www.f-secure.com/support/technical/ssh/ssh1_vulnerabilities.shtml each of these issues does not affect OpenSSH, and http://www.openssh.com/goals.html gives you some more details. We should consider this again as most clients now support ssh v2. |
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20030225 Description of problem: The file /etc/ssh/sshd_config has both protocols 1 and 2 of ssh enabled by default. Protocol 1 has known security problems, and should be disabled by default. Version-Release number of selected component (if applicable): openssh-server-3.5p1-6 How reproducible: Always Steps to Reproduce: 1. I can log in with a protocol 1 client. Additional info: