From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20030225

Description of problem:
The file /etc/ssh/sshd_config has both protocols 1 and 2 of ssh enabled by default. Protocol 1 has known security problems, and should be disabled by default.

Version-Release number of selected component (if applicable):
openssh-server-3.5p1-6

How reproducible:
Always

Steps to Reproduce:
1. I can log in with a protocol 1 client.

Additional info:

I agree, I have been having to disable it manually on all the machines I administrate. I have even found PuTTY using ssh1 by default. So this just isn't a case of when people use ssh1 on purpose.
Whilst protocol version 1 has some 'known security issues', in general these did not affect OpenSSH. For example, looking at http://www.f-secure.com/support/technical/ssh/ssh1_vulnerabilities.shtml, each of these issues does not affect OpenSSH, and http://www.openssh.com/goals.html gives you some more details.
We should consider this again as most clients now support ssh v2.
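
For checking many machines for the setting this report is about, here is an added example (not part of the bug report and not OpenSSH code) that reads an sshd_config and reports whether protocol 1 is still accepted. It assumes keywords are case-insensitive, that the first active `Protocol` line wins, and that a file with no active `Protocol` line has both protocols enabled, as the report describes; the function names and sample files are made up for illustration.

```shell
#!/bin/sh
# Added example: report whether an sshd_config leaves SSH protocol 1 enabled.
# Assumptions: keywords are case-insensitive, the first active Protocol line
# wins, and a file with no active Protocol line falls back to the default the
# report describes (protocols 1 and 2 both enabled).

# Print the effective Protocol value of the config file given as $1.
effective_protocol() {
    awk '
        /^[ \t]*#/ { next }                     # skip commented-out lines
        tolower($1) == "protocol" && !found {   # first active directive wins
            found = 1
            value = $2
        }
        END { print (found ? value : "2,1") }   # no directive: assumed default
    ' "$1"
}

# Return 0 if protocol 1 is enabled, 1 if only protocol 2 is allowed.
protocol1_enabled() {
    case ",$(effective_protocol "$1")," in
        *,1,*) return 0 ;;
        *)     return 1 ;;
    esac
}

# Constructed sample configs (not taken from a real host).
audit_samples() {
    dir=$(mktemp -d) || return 1
    # Directive only present as a comment, so the assumed default applies.
    printf '#Protocol 2,1\nPort 22\n' > "$dir/default"
    # Explicit "2" first; a later conflicting line is ignored.
    printf 'Port 22\nprotocol 2\nProtocol 2,1\n' > "$dir/hardened"
    for f in default hardened; do
        if protocol1_enabled "$dir/$f"; then
            echo "$f: protocol 1 ENABLED"
        else
            echo "$f: protocol 2 only"
        fi
    done
    rm -rf "$dir"
}

audit_samples
```

On a real host, call `protocol1_enabled /etc/ssh/sshd_config` and act on the exit status.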