Reading back, I may have been a little unclear. It's probably because the arrogance of the openssl people has always aggravated me. (For example the "none" cipher where they, basically, said eveyone else is too stupid to use it sensibily)
In this instance they have made the $HOME/.ssh/config file a common configuration file between the ssh1 and openssh2 packages. But due to an overly agressive error message it cannot actually be used safely by both packages. Safely would mean that if ssh1 is NOT installed ssh does not connect to a host labeled as "Protocol 1". It does not mean that it sulks until all hints of "Protocol 1" have been removed from the config file. Safely means that if the "ssh1" package is installed it is ONLY used for connections that are EXPLICITLY labeled as "Protocol 1" as the other end may still support ssh1 or there may be a downgrade attack in progress. My personal solution to this on another OS was to create a wrapper that looked down two different config files for the two different versions. If it found the remote host in one of them it used that particular version of the connection tool. If it wasn't found the wrapper used the preferred tool. I think I eventually put the older tool into a library directory where it wasn't even on the path, it could only be used if I had actually created an entry for it. Of course, this used two independent configuration files. BTW: This was a LONG time ago, it was actually between "ssh" and "rsh". As you see the ssh people have a long history. I'm actually a bit surprised that it's taken as long as it has for them to do something like this to kill off V1, ... maybe they're getting better ... or maybe there's just more people to shout at them now. PS: Can the completely insecure ssh1 package have the "none" cipher please. ;-) -- Rob. (Robert de Bath <robert$ @ debath.co.uk>) <http://www.debath.co.uk/>