authorMarkus Friedl <markus@cvs.openbsd.org>2009-10-08 14:03:42 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>2009-10-08 14:03:42 +0000
commitd0d5b5a45732fd70b10368631450fcebf5f86f18 (patch)
treed388e259eecbd35a69228a30db54eec78e5ade63
parent9205d3a2fef96367981b2f3336a88ff9b3bc0df8 (diff)
disable protocol 1 by default (after a transition period of about 10 years)
ok deraadt
-rw-r--r--usr.bin/ssh/readconf.c4
-rw-r--r--usr.bin/ssh/servconf.c4
-rw-r--r--usr.bin/ssh/ssh_config.514
-rw-r--r--usr.bin/ssh/sshd_config8
-rw-r--r--usr.bin/ssh/sshd_config.56
5 files changed, 18 insertions, 18 deletions
diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c
index 4498f8c508c..5da7f7d5d33 100644
--- a/usr.bin/ssh/readconf.c
+++ b/usr.bin/ssh/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.177 2009/06/27 09:35:06 andreas Exp $ */
+/* $OpenBSD: readconf.c,v 1.178 2009/10/08 14:03:41 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1137,7 +1137,7 @@ fill_default_options(Options * options)
/* options->macs, default set in myproposals.h */
/* options->hostkeyalgorithms, default set in myproposals.h */
if (options->protocol == SSH_PROTO_UNKNOWN)
- options->protocol = SSH_PROTO_1|SSH_PROTO_2;
+ options->protocol = SSH_PROTO_2;
if (options->num_identity_files == 0) {
if (options->protocol & SSH_PROTO_1) {
len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;
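Review bot: The new default `options->protocol = SSH_PROTO_2;` has no comment, so the `SSH_PROTO_1` identity-file branch directly below still reads as part of the default path, although it is now reached only after an explicit `Protocol` setting. I would add `/* protocol 1 is legacy: off unless Protocol names it explicitly */` above the assignment. The same comment applies to the identical assignment in fill_default_server_options() in servconf.c, where the protocol 1 host-key default follows it. Both function bodies continue outside their hunks. Configurations that already list version 1 explicitly are not changed by this commit and still permit the fallback, which is worth saying wherever the change is announced.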
diff --git a/usr.bin/ssh/servconf.c b/usr.bin/ssh/servconf.c
index 8578af52634..12d5b44f130 100644
--- a/usr.bin/ssh/servconf.c
+++ b/usr.bin/ssh/servconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.195 2009/04/14 21:10:54 jj Exp $ */
+/* $OpenBSD: servconf.c,v 1.196 2009/10/08 14:03:41 markus Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -127,7 +127,7 @@ void
fill_default_server_options(ServerOptions *options)
{
if (options->protocol == SSH_PROTO_UNKNOWN)
- options->protocol = SSH_PROTO_1|SSH_PROTO_2;
+ options->protocol = SSH_PROTO_2;
if (options->num_host_key_files == 0) {
/* fill default hostkeys for protocols */
if (options->protocol & SSH_PROTO_1)
diff --git a/usr.bin/ssh/ssh_config.5 b/usr.bin/ssh/ssh_config.5
index ea9a20b23e3..82c2a30b0cd 100644
--- a/usr.bin/ssh/ssh_config.5
+++ b/usr.bin/ssh/ssh_config.5
@@ -34,8 +34,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.119 2009/02/22 23:50:57 djm Exp $
-.Dd $Mdocdate: February 22 2009 $
+.\" $OpenBSD: ssh_config.5,v 1.120 2009/10/08 14:03:41 markus Exp $
+.Dd $Mdocdate: October 8 2009 $
.Dt SSH_CONFIG 5
.Os
.Sh NAME
@@ -730,11 +730,13 @@ The possible values are
and
.Sq 2 .
Multiple versions must be comma-separated.
-The default is
-.Dq 2,1 .
-This means that ssh
-tries version 2 and falls back to version 1
+When this option is set to
+.Dq 2,1
+.Nm ssh
+will try version 2 and fall back to version 1
if version 2 is not available.
+The default is
+.Dq 2 .
.It Cm ProxyCommand
Specifies the command to use to connect to the server.
The command
diff --git a/usr.bin/ssh/sshd_config b/usr.bin/ssh/sshd_config
index f52b3fe73b0..6d339025597 100644
--- a/usr.bin/ssh/sshd_config
+++ b/usr.bin/ssh/sshd_config
@@ -1,4 +1,4 @@
-# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
+# $OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
@@ -13,10 +13,8 @@
#ListenAddress 0.0.0.0
#ListenAddress ::
-# Disable legacy (protocol version 1) support in the server for new
-# installations. In future the default will change to require explicit
-# activation of protocol 1
-Protocol 2
+# The default requires explicit activation of protocol 1
+#Protocol 2
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
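Review bot: Commenting out `Protocol 2` makes this sample file rely entirely on the compiled-in default, so the same file used with an older sshd binary, whose default was still `SSH_PROTO_1|SSH_PROTO_2` per the removed line in servconf.c, would presumably offer protocol 1 again. If this file can end up deployed across versions, keeping the uncommented `Protocol 2` line pins the safer behaviour regardless of the binary. The new comment is also ambiguous about which way the default points; `# Protocol 1 is disabled by default and must be enabled explicitly` states what the commented-out line documents.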
diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5
index b21df76fa82..3eb61885a36 100644
--- a/usr.bin/ssh/sshd_config.5
+++ b/usr.bin/ssh/sshd_config.5
@@ -34,8 +34,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.107 2009/08/16 23:29:26 dtucker Exp $
-.Dd $Mdocdate: August 16 2009 $
+.\" $OpenBSD: sshd_config.5,v 1.108 2009/10/08 14:03:41 markus Exp $
+.Dd $Mdocdate: October 8 2009 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
@@ -794,7 +794,7 @@ and
.Sq 2 .
Multiple versions must be comma-separated.
The default is
-.Dq 2,1 .
+.Dq 2 .
Note that the order of the protocol list does not indicate preference,
because the client selects among multiple protocol versions offered
by the server.