Re: Heads up - openssh 6.8 coming to F22
Hi all, of course I don't plan to shut down SSH1 overnight without proper announcement or anything. I'm following the discussion both here and on openssh lists so I'm aware of these use cases. The only thing that was announcement on upstream list was that this is going to be default option in 6.9 probably and there was wild discussion about this topic. Ideal way would be to have it only on client, because there is not much use for this on server. Lets see the possibilities we will have in half a year with next version. Jakub Jelen On 04/04/2015 06:26 PM, Nico Kadel-Garcia wrote: On Thu, Mar 26, 2015 at 10:54 PM, Chris Adams li...@cmadams.net wrote: Once upon a time, Nico Kadel-Garcia nka...@gmail.com said: Also, heads up on OpenSSH releases: they're planning to disable ssh-1 compilation by default in a near future release, so the maintainer at Fedora will need to decide whether to manually enable it. Please don't disable it in the client; I use SSH to connect to some old network equipment now and then, and it (regrettably) only supports the SSH1 protocol. I have no problem with it being turned off in the server, but my only alternative for this gear is to re-enable telnet (SSH1 is more secure than that). -- Chris Adams li...@cmadams.net Sorry, I've been busy. I'm not in that position myself anymore, but it's not uncommon. I'd certainly encourage the packager for OpenSSH in Fedora to keep it enabled in the client, myself. The problem is really quite old, and dates back to when the SSH 2 protocol was written. I think it was a profound tactical error to continue to use the overlapping source tree for both, and to run both services on the same port, despite potential confusion in a switch. But it's way, way too late to fix *that* architectural issue. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: Heads up - openssh 6.8 coming to F22
On Thu, Mar 26, 2015 at 10:54 PM, Chris Adams li...@cmadams.net wrote: Once upon a time, Nico Kadel-Garcia nka...@gmail.com said: Also, heads up on OpenSSH releases: they're planning to disable ssh-1 compilation by default in a near future release, so the maintainer at Fedora will need to decide whether to manually enable it. Please don't disable it in the client; I use SSH to connect to some old network equipment now and then, and it (regrettably) only supports the SSH1 protocol. I have no problem with it being turned off in the server, but my only alternative for this gear is to re-enable telnet (SSH1 is more secure than that). -- Chris Adams li...@cmadams.net Sorry, I've been busy. I'm not in that position myself anymore, but it's not uncommon. I'd certainly encourage the packager for OpenSSH in Fedora to keep it enabled in the client, myself. The problem is really quite old, and dates back to when the SSH 2 protocol was written. I think it was a profound tactical error to continue to use the overlapping source tree for both, and to run both services on the same port, despite potential confusion in a switch. But it's way, way too late to fix *that* architectural issue. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: Heads up - openssh 6.8 coming to F22
On Thu, Mar 26, 2015 at 10:21 AM, Jakub Jelen jje...@redhat.com wrote: Hi all, I know that it is quite late in F22 schedule and freeze is coming, but we decided to push recent upstream version into F22 before beta freeze to keep up with upstream. I spent some time with testing various use cases with our downstream patches and I would like to point out that I did my best. It works fine from my point of view. Despite of that I would like to ask you, if you could also try your use cases and playing around with ssh* tools and if something would break, please report back to me. Also, heads up on OpenSSH releases: they're planning to disable ssh-1 compilation by default in a near future release, so the maintainer at Fedora will need to decide whether to manually enable it. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: Heads up - openssh 6.8 coming to F22
Once upon a time, Nico Kadel-Garcia nka...@gmail.com said: Also, heads up on OpenSSH releases: they're planning to disable ssh-1 compilation by default in a near future release, so the maintainer at Fedora will need to decide whether to manually enable it. Please don't disable it in the client; I use SSH to connect to some old network equipment now and then, and it (regrettably) only supports the SSH1 protocol. I have no problem with it being turned off in the server, but my only alternative for this gear is to re-enable telnet (SSH1 is more secure than that). -- Chris Adams li...@cmadams.net -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
