From 21af5fc4640bef33309400917d79e20c9f441d47 Mon Sep 17 00:00:00 2001
From: dtucker <dtucker>
Date: Sun, 11 Oct 2009 10:51:08 +0000
Subject: [PATCH]  - (dtucker) OpenBSD CVS Sync    - markus@cvs.openbsd.org
 2009/10/08 14:03:41      [sshd_config readconf.c ssh_config.5 servconf.c
 sshd_config.5]      disable protocol 1 by default (after a transition period
 of about 10 years)      ok deraadt

---
 ChangeLog     |  5 +++++
 readconf.c    |  4 ++--
 servconf.c    |  4 ++--
 ssh_config.5  | 12 +++++++-----
 sshd_config   |  8 +++-----
 sshd_config.5 |  4 ++--
 6 files changed, 21 insertions(+), 16 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 85446e31..23bc18b6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,11 @@
  - (dtucker) [configure.ac sftp-client.c] Remove the gyrations required for
    dirent d_type and DTTOIF as we've switched OpenBSD to the more portable
    lstat.
+ - (dtucker) OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2009/10/08 14:03:41
+     [sshd_config readconf.c ssh_config.5 servconf.c sshd_config.5]
+     disable protocol 1 by default (after a transition period of about 10 years)
+     ok deraadt
 
 20091007
  - (dtucker) OpenBSD CVS Sync
diff --git a/readconf.c b/readconf.c
index 0bf5d7cb..4a16974b 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.177 2009/06/27 09:35:06 andreas Exp $ */
+/* $OpenBSD: readconf.c,v 1.178 2009/10/08 14:03:41 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1142,7 +1142,7 @@ fill_default_options(Options * options)
 	/* options->macs, default set in myproposals.h */
 	/* options->hostkeyalgorithms, default set in myproposals.h */
 	if (options->protocol == SSH_PROTO_UNKNOWN)
-		options->protocol = SSH_PROTO_1|SSH_PROTO_2;
+		options->protocol = SSH_PROTO_2;
 	if (options->num_identity_files == 0) {
 		if (options->protocol & SSH_PROTO_1) {
 			len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;
diff --git a/servconf.c b/servconf.c
index b51b86a8..c2e5cc6f 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.195 2009/04/14 21:10:54 jj Exp $ */
+/* $OpenBSD: servconf.c,v 1.196 2009/10/08 14:03:41 markus Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -139,7 +139,7 @@ fill_default_server_options(ServerOptions *options)
 
 	/* Standard Options */
 	if (options->protocol == SSH_PROTO_UNKNOWN)
-		options->protocol = SSH_PROTO_1|SSH_PROTO_2;
+		options->protocol = SSH_PROTO_2;
 	if (options->num_host_key_files == 0) {
 		/* fill default hostkeys for protocols */
 		if (options->protocol & SSH_PROTO_1)
diff --git a/ssh_config.5 b/ssh_config.5
index fac0efb9..2f015402 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.119 2009/02/22 23:50:57 djm Exp $
+.\" $OpenBSD: ssh_config.5,v 1.120 2009/10/08 14:03:41 markus Exp $
 .Dd $Mdocdate$
 .Dt SSH_CONFIG 5
 .Os
@@ -730,11 +730,13 @@ The possible values are
 and
 .Sq 2 .
 Multiple versions must be comma-separated.
-The default is
-.Dq 2,1 .
-This means that ssh
-tries version 2 and falls back to version 1
+When this option is set to
+.Dq 2,1 
+.Nm ssh
+will try version 2 and fall back to version 1
 if version 2 is not available.
+The default is
+.Dq 2 .
 .It Cm ProxyCommand
 Specifies the command to use to connect to the server.
 The command
diff --git a/sshd_config b/sshd_config
index 1b53a0ef..72fbae37 100644
--- a/sshd_config
+++ b/sshd_config
@@ -1,4 +1,4 @@
-#	$OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
+#	$OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $
 
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
@@ -15,10 +15,8 @@
 #ListenAddress 0.0.0.0
 #ListenAddress ::
 
-# Disable legacy (protocol version 1) support in the server for new
-# installations. In future the default will change to require explicit
-# activation of protocol 1
-Protocol 2
+# The default requires explicit activation of protocol 1
+#Protocol 2
 
 # HostKey for protocol version 1
 #HostKey /etc/ssh/ssh_host_key
diff --git a/sshd_config.5 b/sshd_config.5
index c7e2581b..f8209b6a 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.107 2009/08/16 23:29:26 dtucker Exp $
+.\" $OpenBSD: sshd_config.5,v 1.108 2009/10/08 14:03:41 markus Exp $
 .Dd $Mdocdate$
 .Dt SSHD_CONFIG 5
 .Os
@@ -793,7 +793,7 @@ and
 .Sq 2 .
 Multiple versions must be comma-separated.
 The default is
-.Dq 2,1 .
+.Dq 2 .
 Note that the order of the protocol list does not indicate preference,
 because the client selects among multiple protocol versions offered
 by the server.
-- 
2.45.2