Shouldn't be anything big. I didn't even notice I had OpenSSH 2.9
until a couple days after the fact. Of course, that's with rebuilding
the whole system that OpenSSH is designed on.
The crypto developers at OpenBSD/OpenSSH haven't considered key
servers secure enough, at least not enough to publish any code to
implement one :)
SSH2 tries publickey first, and if that fails, password authentication
is tried. Failing that, "keyboard-interactive" authentication is
attempted.
There are, however, a few differences in the key files between SSH1
and SSH2. In the ~/.ssh directory:
known_hosts -> SSH1
known_hosts2 -> SSH2
identity & identity.pub -> SSH1
id_dsa & id_dsa.pub -> SSH2
id_rsa & id_rsa.pub -> SSH2
To create an SSH2 private/public key pair -> ssh-keygen -t [dsa|rsa]
You can use either dsa or rsa keys.
An issue you may encounter is with older SSH1.x only implementations,
but you can set what protocol you're using in the sshd_config file:
Protocol 2,1
would try to load a HostKey for protocol 2 (SSH2), and failing that
would try for the SSH1 HostKey. There are also new names for the
SSH2 HostKey -> ssh_host_dsa_key & ssh_host_rsa_key.
You can also force protocols on the command line -> ssh -1 # SSH1
or in ssh_config files -> Protocol 1 # also SSH1.
<[EMAIL PROTECTED]>
On Wed, May 09, 2001 at 10:37:11PM -0700, Rob Hudson wrote:
> Are there any gotchas to upgrading from 2.5x to 2.9 OpenSSH? It was
> pretty well announced that the default is SSH2 now. Are there any
> issues with trying to use SSH2? I'm not sure, but is a public key
> server required?
>
> Thanks,
> Rob
>
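
The Protocol setting and key-file split described in the reply above can be checked with a short script. This is an added example, not part of the original thread or of OpenSSH; the function names are hypothetical, the sample files are constructed, and it assumes the first Protocol line in the file is the one that applies.

```shell
#!/bin/sh
# Added example, not from the original thread. Function names are hypothetical.

# Print the value of the first uncommented Protocol line, or "unset".
# Assumption: the first occurrence of the keyword is the one that applies.
protocol_setting() {
    awk 'tolower($1) == "protocol" { print $2; found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Exit 0 if the Protocol list still includes version 1.
# An unset Protocol counts as not listed; the built-in default is not guessed.
allows_ssh1() {
    case ",$(protocol_setting "$1")," in
        *,1,*) return 0 ;;
        *)     return 1 ;;
    esac
}

# Print "<name> SSH1|SSH2" for each file in directory $1 that the message
# above ties to a protocol version; other files are skipped.
classify_ssh_dir() {
    for f in "$1"/*; do
        [ -e "$f" ] || continue
        name=${f##*/}
        case "$name" in
            known_hosts|identity|identity.pub)
                echo "$name SSH1" ;;
            known_hosts2|id_dsa|id_dsa.pub|id_rsa|id_rsa.pub|ssh_host_dsa_key|ssh_host_rsa_key)
                echo "$name SSH2" ;;
        esac
    done
}

# Demo on constructed sample files in a scratch directory.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '# constructed sample\nPort 22\nProtocol 2,1\n' > "$tmp/sshd_config"
    : > "$tmp/identity"; : > "$tmp/id_dsa.pub"; : > "$tmp/known_hosts2"
    echo "Protocol: $(protocol_setting "$tmp/sshd_config")"
    if allows_ssh1 "$tmp/sshd_config"; then echo "SSH1 still enabled"; fi
    classify_ssh_dir "$tmp"
    rm -rf "$tmp"
}
demo
```

Pointing `protocol_setting` at a real sshd_config and `classify_ssh_dir` at ~/.ssh shows whether SSH1 is still offered and which SSH1-era files remain after an upgrade.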