Bug 88329
Summary: | RFE openssh daemon enables protocol 1 by default | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Kevin J. Miller <kjmiller> |
Component: | openssh | Assignee: | Tomas Mraz <tmraz> |
Status: | CLOSED RAWHIDE | QA Contact: | Brian Brock <bbrock> |
Severity: | medium | Docs Contact: | |
Priority: | high | ||
Version: | rawhide | CC: | laroche, mgb, mjc, p.van.egdom |
Target Milestone: | --- | Keywords: | FutureFeature |
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | openssh-3.9p1-10 | Doc Type: | Enhancement |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2005-02-08 15:38:32 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Kevin J. Miller
2003-04-08 22:42:53 UTC
I agree, I have been having to disable it manually on all the machines I administrate. I have even found putty using ssh1 by default. So this just isn't a case of when people use ssh1 on purpose. Whilst protocol version 1 has some 'known security issues' in general these did not affect OpenSSH. For example looking at http://www.f-secure.com/support/technical/ssh/ssh1_vulnerabilities.shtml each of these issues does not affect OpenSSH, and http://www.openssh.com/goals.html gives you some more details. We should consider this again as most clients now support ssh v2. |