author | Markus Friedl <markus@cvs.openbsd.org> | 2009-10-08 14:03:42 +0000 |
---|---|---|
committer | Markus Friedl <markus@cvs.openbsd.org> | 2009-10-08 14:03:42 +0000 |
commit | d0d5b5a45732fd70b10368631450fcebf5f86f18 (patch) | |
tree | d388e259eecbd35a69228a30db54eec78e5ade63 | |
parent | 9205d3a2fef96367981b2f3336a88ff9b3bc0df8 (diff) |
disable protocol 1 by default (after a transition period of about 10 years)
ok deraadt
-rw-r--r-- | usr.bin/ssh/readconf.c | 4 | ||||
-rw-r--r-- | usr.bin/ssh/servconf.c | 4 | ||||
-rw-r--r-- | usr.bin/ssh/ssh_config.5 | 14 | ||||
-rw-r--r-- | usr.bin/ssh/sshd_config | 8 | ||||
-rw-r--r-- | usr.bin/ssh/sshd_config.5 | 6 |
5 files changed, 18 insertions, 18 deletions
diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c
index 4498f8c508c..5da7f7d5d33 100644
--- a/usr.bin/ssh/readconf.c
+++ b/usr.bin/ssh/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.177 2009/06/27 09:35:06 andreas Exp $ */
+/* $OpenBSD: readconf.c,v 1.178 2009/10/08 14:03:41 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1137,7 +1137,7 @@ fill_default_options(Options * options)
 /* options->macs, default set in myproposals.h */
 /* options->hostkeyalgorithms, default set in myproposals.h */
 if (options->protocol == SSH_PROTO_UNKNOWN)
- options->protocol = SSH_PROTO_1|SSH_PROTO_2;
+ options->protocol = SSH_PROTO_2;
 if (options->num_identity_files == 0) {
 if (options->protocol & SSH_PROTO_1) {
 len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;
diff --git a/usr.bin/ssh/servconf.c b/usr.bin/ssh/servconf.c
index 8578af52634..12d5b44f130 100644
--- a/usr.bin/ssh/servconf.c
+++ b/usr.bin/ssh/servconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.195 2009/04/14 21:10:54 jj Exp $ */
+/* $OpenBSD: servconf.c,v 1.196 2009/10/08 14:03:41 markus Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 * All rights reserved
@@ -127,7 +127,7 @@ void
 fill_default_server_options(ServerOptions *options)
 {
 if (options->protocol == SSH_PROTO_UNKNOWN)
- options->protocol = SSH_PROTO_1|SSH_PROTO_2;
+ options->protocol = SSH_PROTO_2;
 if (options->num_host_key_files == 0) {
 /* fill default hostkeys for protocols */
 if (options->protocol & SSH_PROTO_1)
diff --git a/usr.bin/ssh/ssh_config.5 b/usr.bin/ssh/ssh_config.5
index ea9a20b23e3..82c2a30b0cd 100644
--- a/usr.bin/ssh/ssh_config.5
+++ b/usr.bin/ssh/ssh_config.5
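Review bot: The fallback `options->protocol = SSH_PROTO_2;` in fill_default_options() (readconf.c) carries no comment, although it is now the line that decides whether a client with no `Protocol` setting will ever speak SSH-1; the same applies to the identical assignment in fill_default_server_options() (servconf.c). I would put a comment above each, such as `/* Protocol 1 is opt-in: only an explicit Protocol setting enables it. */`. Because both assignments sit behind `options->protocol == SSH_PROTO_UNKNOWN`, the commit changes only the unset case, so configurations that already say `Protocol 1` or `Protocol 2,1` keep protocol 1 enabled and have to be audited separately. Both function bodies continue outside their hunks.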
@@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.119 2009/02/22 23:50:57 djm Exp $
-.Dd $Mdocdate: February 22 2009 $
+.\" $OpenBSD: ssh_config.5,v 1.120 2009/10/08 14:03:41 markus Exp $
+.Dd $Mdocdate: October 8 2009 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -730,11 +730,13 @@ The possible values are
 and
 .Sq 2 .
 Multiple versions must be comma-separated.
-The default is
-.Dq 2,1 .
-This means that ssh
-tries version 2 and falls back to version 1
+When this option is set to
+.Dq 2,1
+.Nm ssh
+will try version 2 and fall back to version 1
 if version 2 is not available.
+The default is
+.Dq 2 .
 .It Cm ProxyCommand
 Specifies the command to use to connect to the server.
 The command
diff --git a/usr.bin/ssh/sshd_config b/usr.bin/ssh/sshd_config
index f52b3fe73b0..6d339025597 100644
--- a/usr.bin/ssh/sshd_config
+++ b/usr.bin/ssh/sshd_config
@@ -1,4 +1,4 @@
-# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
+# $OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $
 # This is the sshd server system-wide configuration file. See
 # sshd_config(5) for more information.
@@ -13,10 +13,8 @@
 #ListenAddress 0.0.0.0
 #ListenAddress ::
-# Disable legacy (protocol version 1) support in the server for new
-# installations. In future the default will change to require explicit
-# activation of protocol 1
-Protocol 2
+# The default requires explicit activation of protocol 1
+#Protocol 2
 # HostKey for protocol version 1
 #HostKey /etc/ssh/ssh_host_key
diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5
index b21df76fa82..3eb61885a36 100644
--- a/usr.bin/ssh/sshd_config.5
+++ b/usr.bin/ssh/sshd_config.5
@@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.107 2009/08/16 23:29:26 dtucker Exp $
-.Dd $Mdocdate: August 16 2009 $
+.\" $OpenBSD: sshd_config.5,v 1.108 2009/10/08 14:03:41 markus Exp $
+.Dd $Mdocdate: October 8 2009 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -794,7 +794,7 @@ and
 .Sq 2 .
 Multiple versions must be comma-separated.
 The default is
-.Dq 2,1 .
+.Dq 2 .
 Note that the order of the protocol list does not indicate preference, because the client selects among multiple protocol versions offered by the server. |