- jmc@cvs.openbsd.org 2009/10/08 20:42:12

[sshd_config.5 ssh_config.5 sshd.8 ssh.1] some tweaks now that protocol 1 is not offered by default; ok markus
author: Darren Tucker <dtucker@zip.com.au> 2009-10-11 21:51:40 +1100
committer: Darren Tucker <dtucker@zip.com.au> 2009-10-11 21:51:40 +1100
commit: 7a4a76579e5321f52b773fc84f7bbe0f07adc5f2 (patch)
tree: 0367fc94a0c804625cd5399449ec4f616ee0524f
parent: bad5076bb5d5587cf8b889cd9ce495c39282786b (diff)
5 files changed, 18 insertions, 17 deletions
diff --git a/ChangeLog b/ChangeLog
index 23bc18b67..495c0968c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,6 +7,9 @@
     [sshd_config readconf.c ssh_config.5 servconf.c sshd_config.5]
     disable protocol 1 by default (after a transition period of about 10 years)
     ok deraadt
+   - jmc@cvs.openbsd.org 2009/10/08 20:42:12
+     [sshd_config.5 ssh_config.5 sshd.8 ssh.1]
+     some tweaks now that protocol 1 is not offered by default; ok markus
 20091007
 - (dtucker) OpenBSD CVS Sync
diff --git a/ssh.1 b/ssh.1
index 6c6271ee4..8c3d32aaf 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.283 2009/03/19 15:15:09 jmc Exp $
+.\" $OpenBSD: ssh.1,v 1.284 2009/10/08 20:42:12 jmc Exp $
-.Dd $Mdocdate: March 19 2009 $
+.Dd $Mdocdate: October 8 2009 $
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -666,20 +666,18 @@ exits with the exit status of the remote command or with 255
 if an error occurred.
 .Sh AUTHENTICATION
 The OpenSSH SSH client supports SSH protocols 1 and 2.
-Protocol 2 is the default, with
+The default is to use protocol 2 only,
-.Nm
+though this can be changed via the
-falling back to protocol 1 if it detects protocol 2 is unsupported.
-These settings may be altered using the
 .Cm Protocol
 option in
-.Xr ssh_config 5 ,
+.Xr ssh_config 5
-or enforced using the
+or the
 .Fl 1
 and
 .Fl 2
 options (see above).
 Both protocols support similar authentication methods,
-but protocol 2 is preferred since
+but protocol 2 is the default since
 it provides additional mechanisms for confidentiality
 (the traffic is encrypted using AES, 3DES, Blowfish, CAST128, or Arcfour)
 and integrity (hmac-md5, hmac-sha1, umac-64, hmac-ripemd160).
diff --git a/ssh_config.5 b/ssh_config.5
index 82c2a30b0..89f3896e6 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.120 2009/10/08 14:03:41 markus Exp $
+.\" $OpenBSD: ssh_config.5,v 1.121 2009/10/08 20:42:13 jmc Exp $
 .Dd $Mdocdate: October 8 2009 $
 .Dt SSH_CONFIG 5
 .Os
@@ -731,12 +731,12 @@ and
 .Sq 2 .
 Multiple versions must be comma-separated.
 When this option is set to
-.Dq 2,1 
+.Dq 2,1
 .Nm ssh
 will try version 2 and fall back to version 1
 if version 2 is not available.
 The default is
-.Dq 2 .
+.Sq 2 .
 .It Cm ProxyCommand
 Specifies the command to use to connect to the server.
 The command
diff --git a/sshd.8 b/sshd.8
index 111d491d9..7878d9f06 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.248 2009/03/26 08:38:39 sobrado Exp $
+.\" $OpenBSD: sshd.8,v 1.249 2009/10/08 20:42:13 jmc Exp $
-.Dd $Mdocdate: March 26 2009 $
+.Dd $Mdocdate: October 8 2009 $
 .Dt SSHD 8
 .Os
 .Sh NAME
@@ -260,7 +260,7 @@ or
 .El
 .Sh AUTHENTICATION
 The OpenSSH SSH daemon supports SSH protocols 1 and 2.
-Both protocols are supported by default,
+The default is to use protocol 2 only,
 though this can be changed via the
 .Cm Protocol
 option in
diff --git a/sshd_config.5 b/sshd_config.5
index 00ac82a34..4b3793d13 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.108 2009/10/08 14:03:41 markus Exp $
+.\" $OpenBSD: sshd_config.5,v 1.109 2009/10/08 20:42:13 jmc Exp $
 .Dd $Mdocdate: October 8 2009 $
 .Dt SSHD_CONFIG 5
 .Os
@@ -793,7 +793,7 @@ and
 .Sq 2 .
 Multiple versions must be comma-separated.
 The default is
-.Dq 2 .
+.Sq 2 .
 Note that the order of the protocol list does not indicate preference,
 because the client selects among multiple protocol versions offered
 by the server.
author	Darren Tucker <dtucker@zip.com.au>	2009-10-11 21:51:40 +1100
committer	Darren Tucker <dtucker@zip.com.au>	2009-10-11 21:51:40 +1100
commit	7a4a76579e5321f52b773fc84f7bbe0f07adc5f2 (patch)
tree	0367fc94a0c804625cd5399449ec4f616ee0524f
parent	bad5076bb5d5587cf8b889cd9ce495c39282786b (diff)

diff --git a/ChangeLog b/ChangeLog index 23bc18b67..495c0968c 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -7,6 +7,9 @@
7	[sshd_config readconf.c ssh_config.5 servconf.c sshd_config.5]	7	[sshd_config readconf.c ssh_config.5 servconf.c sshd_config.5]
8	disable protocol 1 by default (after a transition period of about 10 years)	8	disable protocol 1 by default (after a transition period of about 10 years)
9	ok deraadt	9	ok deraadt
		10	- jmc@cvs.openbsd.org 2009/10/08 20:42:12
		11	[sshd_config.5 ssh_config.5 sshd.8 ssh.1]
		12	some tweaks now that protocol 1 is not offered by default; ok markus
10		13
11	20091007	14	20091007
12	- (dtucker) OpenBSD CVS Sync	15	- (dtucker) OpenBSD CVS Sync


diff --git a/ssh.1 b/ssh.1 index 6c6271ee4..8c3d32aaf 100644 --- a/ssh.1 +++ b/ssh.1
@@ -34,8 +34,8 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: ssh.1,v 1.283 2009/03/19 15:15:09 jmc Exp $	37	.\" $OpenBSD: ssh.1,v 1.284 2009/10/08 20:42:12 jmc Exp $
38	.Dd $Mdocdate: March 19 2009 $	38	.Dd $Mdocdate: October 8 2009 $
39	.Dt SSH 1	39	.Dt SSH 1
40	.Os	40	.Os
41	.Sh NAME	41	.Sh NAME
@@ -666,20 +666,18 @@ exits with the exit status of the remote command or with 255
666	if an error occurred.	666	if an error occurred.
667	.Sh AUTHENTICATION	667	.Sh AUTHENTICATION
668	The OpenSSH SSH client supports SSH protocols 1 and 2.	668	The OpenSSH SSH client supports SSH protocols 1 and 2.
669	Protocol 2 is the default, with	669	The default is to use protocol 2 only,
670	.Nm	670	though this can be changed via the
671	falling back to protocol 1 if it detects protocol 2 is unsupported.
672	These settings may be altered using the
673	.Cm Protocol	671	.Cm Protocol
674	option in	672	option in
675	.Xr ssh_config 5 ,	673	.Xr ssh_config 5
676	or enforced using the	674	or the
677	.Fl 1	675	.Fl 1
678	and	676	and
679	.Fl 2	677	.Fl 2
680	options (see above).	678	options (see above).
681	Both protocols support similar authentication methods,	679	Both protocols support similar authentication methods,
682	but protocol 2 is preferred since	680	but protocol 2 is the default since
683	it provides additional mechanisms for confidentiality	681	it provides additional mechanisms for confidentiality
684	(the traffic is encrypted using AES, 3DES, Blowfish, CAST128, or Arcfour)	682	(the traffic is encrypted using AES, 3DES, Blowfish, CAST128, or Arcfour)
685	and integrity (hmac-md5, hmac-sha1, umac-64, hmac-ripemd160).	683	and integrity (hmac-md5, hmac-sha1, umac-64, hmac-ripemd160).


diff --git a/ssh_config.5 b/ssh_config.5 index 82c2a30b0..89f3896e6 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -34,7 +34,7 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: ssh_config.5,v 1.120 2009/10/08 14:03:41 markus Exp $	37	.\" $OpenBSD: ssh_config.5,v 1.121 2009/10/08 20:42:13 jmc Exp $
38	.Dd $Mdocdate: October 8 2009 $	38	.Dd $Mdocdate: October 8 2009 $
39	.Dt SSH_CONFIG 5	39	.Dt SSH_CONFIG 5
40	.Os	40	.Os
@@ -731,12 +731,12 @@ and
731	.Sq 2 .	731	.Sq 2 .
732	Multiple versions must be comma-separated.	732	Multiple versions must be comma-separated.
733	When this option is set to	733	When this option is set to
734	.Dq 2,1	734	.Dq 2,1
735	.Nm ssh	735	.Nm ssh
736	will try version 2 and fall back to version 1	736	will try version 2 and fall back to version 1
737	if version 2 is not available.	737	if version 2 is not available.
738	The default is	738	The default is
739	.Dq 2 .	739	.Sq 2 .
740	.It Cm ProxyCommand	740	.It Cm ProxyCommand
741	Specifies the command to use to connect to the server.	741	Specifies the command to use to connect to the server.
742	The command	742	The command


diff --git a/sshd.8 b/sshd.8 index 111d491d9..7878d9f06 100644 --- a/sshd.8 +++ b/sshd.8
@@ -34,8 +34,8 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: sshd.8,v 1.248 2009/03/26 08:38:39 sobrado Exp $	37	.\" $OpenBSD: sshd.8,v 1.249 2009/10/08 20:42:13 jmc Exp $
38	.Dd $Mdocdate: March 26 2009 $	38	.Dd $Mdocdate: October 8 2009 $
39	.Dt SSHD 8	39	.Dt SSHD 8
40	.Os	40	.Os
41	.Sh NAME	41	.Sh NAME
@@ -260,7 +260,7 @@ or
260	.El	260	.El
261	.Sh AUTHENTICATION	261	.Sh AUTHENTICATION
262	The OpenSSH SSH daemon supports SSH protocols 1 and 2.	262	The OpenSSH SSH daemon supports SSH protocols 1 and 2.
263	Both protocols are supported by default,	263	The default is to use protocol 2 only,
264	though this can be changed via the	264	though this can be changed via the
265	.Cm Protocol	265	.Cm Protocol
266	option in	266	option in


diff --git a/sshd_config.5 b/sshd_config.5 index 00ac82a34..4b3793d13 100644 --- a/sshd_config.5 +++ b/sshd_config.5
@@ -34,7 +34,7 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: sshd_config.5,v 1.108 2009/10/08 14:03:41 markus Exp $	37	.\" $OpenBSD: sshd_config.5,v 1.109 2009/10/08 20:42:13 jmc Exp $
38	.Dd $Mdocdate: October 8 2009 $	38	.Dd $Mdocdate: October 8 2009 $
39	.Dt SSHD_CONFIG 5	39	.Dt SSHD_CONFIG 5
40	.Os	40	.Os
@@ -793,7 +793,7 @@ and
793	.Sq 2 .	793	.Sq 2 .
794	Multiple versions must be comma-separated.	794	Multiple versions must be comma-separated.
795	The default is	795	The default is
796	.Dq 2 .	796	.Sq 2 .
797	Note that the order of the protocol list does not indicate preference,	797	Note that the order of the protocol list does not indicate preference,
798	because the client selects among multiple protocol versions offered	798	because the client selects among multiple protocol versions offered
799	by the server.	799	by the server.