- (dtucker) [configure.ac sftp-client.c] Remove the gyrations required for
dirent d_type and DTTOIF as we've switched OpenBSD to the more portable
lstat.
+ - (dtucker) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2009/10/08 14:03:41
+ [sshd_config readconf.c ssh_config.5 servconf.c sshd_config.5]
+ disable protocol 1 by default (after a transition period of about 10 years)
+ ok deraadt
20091007
- (dtucker) OpenBSD CVS Sync
-/* $OpenBSD: readconf.c,v 1.177 2009/06/27 09:35:06 andreas Exp $ */
+/* $OpenBSD: readconf.c,v 1.178 2009/10/08 14:03:41 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
/* options->macs, default set in myproposals.h */
/* options->hostkeyalgorithms, default set in myproposals.h */
if (options->protocol == SSH_PROTO_UNKNOWN)
- options->protocol = SSH_PROTO_1|SSH_PROTO_2;
+ options->protocol = SSH_PROTO_2;
if (options->num_identity_files == 0) {
if (options->protocol & SSH_PROTO_1) {
len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;
-/* $OpenBSD: servconf.c,v 1.195 2009/04/14 21:10:54 jj Exp $ */
+/* $OpenBSD: servconf.c,v 1.196 2009/10/08 14:03:41 markus Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
/* Standard Options */
if (options->protocol == SSH_PROTO_UNKNOWN)
- options->protocol = SSH_PROTO_1|SSH_PROTO_2;
+ options->protocol = SSH_PROTO_2;
if (options->num_host_key_files == 0) {
/* fill default hostkeys for protocols */
if (options->protocol & SSH_PROTO_1)
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.119 2009/02/22 23:50:57 djm Exp $
+.\" $OpenBSD: ssh_config.5,v 1.120 2009/10/08 14:03:41 markus Exp $
.Dd $Mdocdate$
.Dt SSH_CONFIG 5
.Os
and
.Sq 2 .
Multiple versions must be comma-separated.
-The default is
-.Dq 2,1 .
-This means that ssh
-tries version 2 and falls back to version 1
+When this option is set to
+.Dq 2,1
+.Nm ssh
+will try version 2 and fall back to version 1
if version 2 is not available.
+The default is
+.Dq 2 .
.It Cm ProxyCommand
Specifies the command to use to connect to the server.
The command
-# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
+# $OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
#ListenAddress 0.0.0.0
#ListenAddress ::
-# Disable legacy (protocol version 1) support in the server for new
-# installations. In future the default will change to require explicit
-# activation of protocol 1
-Protocol 2
+# The default requires explicit activation of protocol 1
+#Protocol 2
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.107 2009/08/16 23:29:26 dtucker Exp $
+.\" $OpenBSD: sshd_config.5,v 1.108 2009/10/08 14:03:41 markus Exp $
.Dd $Mdocdate$
.Dt SSHD_CONFIG 5
.Os
.Sq 2 .
Multiple versions must be comma-separated.
The default is
-.Dq 2,1 .
+.Dq 2 .
Note that the order of the protocol list does not indicate preference,
because the client selects among multiple protocol versions offered
by the server.