upstream commit

Replace list of ciphers and MACs adjacent to -1/-2 flag descriptions in ssh(1) with a strong recommendation not to use protocol 1. Add a similar warning to the Protocol option descriptions in ssh_config(5) and sshd_config(5); prompted by and ok mmcc@ Upstream-ID: 961f99e5437d50e636feca023978950a232ead5e
author: djm@openbsd.org <djm@openbsd.org> 2016-02-16 05:11:04 +0000
committer: Damien Miller <djm@mindrot.org> 2016-02-17 16:37:55 +1100
commit: e7901efa9b24e5b0c7e74f2c5520d47eead4d005 (patch)
tree: ac10b758c067835867d74129e9e067956b9b631a /ssh.1
parent: 5a0fcb77287342e2fc2ba1cee79b6af108973dc2 (diff)
1 files changed, 5 insertions, 11 deletions
diff --git a/ssh.1 b/ssh.1
index 5b35b6cc0..42f71afaf 100644
--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.366 2015/11/15 22:26:49 jcs Exp $
+.\" $OpenBSD: ssh.1,v 1.367 2016/02/16 05:11:04 djm Exp $
-.Dd $Mdocdate: November 15 2015 $
+.Dd $Mdocdate: February 16 2016 $
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -795,15 +795,9 @@ or the
 and
 .Fl 2
 options (see above).
-Both protocols support similar authentication methods,
+Protocol 2 is the default.
-but protocol 2 is the default since
+Protocol 1 should not be used - it suffers from a number of cryptographic
-it provides additional mechanisms for confidentiality
+weaknesses and is only offered to support legacy devices.
-(the traffic is encrypted using AES, 3DES, Blowfish, CAST128, or Arcfour)
-and integrity (hmac-md5, hmac-sha1,
-hmac-sha2-256, hmac-sha2-512,
-umac-64, umac-128, hmac-ripemd160).
-Protocol 1 lacks a strong mechanism for ensuring the
-integrity of the connection.
 .Pp
 The methods available for authentication are:
 GSSAPI-based authentication,
author	djm@openbsd.org <djm@openbsd.org>	2016-02-16 05:11:04 +0000
committer	Damien Miller <djm@mindrot.org>	2016-02-17 16:37:55 +1100
commit	e7901efa9b24e5b0c7e74f2c5520d47eead4d005 (patch)
tree	ac10b758c067835867d74129e9e067956b9b631a /ssh.1
parent	5a0fcb77287342e2fc2ba1cee79b6af108973dc2 (diff)

diff --git a/ssh.1 b/ssh.1 index 5b35b6cc0..42f71afaf 100644 --- a/ssh.1 +++ b/ssh.1
@@ -33,8 +33,8 @@
33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35	.\"	35	.\"
36	.\" $OpenBSD: ssh.1,v 1.366 2015/11/15 22:26:49 jcs Exp $	36	.\" $OpenBSD: ssh.1,v 1.367 2016/02/16 05:11:04 djm Exp $
37	.Dd $Mdocdate: November 15 2015 $	37	.Dd $Mdocdate: February 16 2016 $
38	.Dt SSH 1	38	.Dt SSH 1
39	.Os	39	.Os
40	.Sh NAME	40	.Sh NAME
@@ -795,15 +795,9 @@ or the
795	and	795	and
796	.Fl 2	796	.Fl 2
797	options (see above).	797	options (see above).
798	Both protocols support similar authentication methods,	798	Protocol 2 is the default.
799	but protocol 2 is the default since	799	Protocol 1 should not be used - it suffers from a number of cryptographic
800	it provides additional mechanisms for confidentiality	800	weaknesses and is only offered to support legacy devices.
801	(the traffic is encrypted using AES, 3DES, Blowfish, CAST128, or Arcfour)
802	and integrity (hmac-md5, hmac-sha1,
803	hmac-sha2-256, hmac-sha2-512,
804	umac-64, umac-128, hmac-ripemd160).
805	Protocol 1 lacks a strong mechanism for ensuring the
806	integrity of the connection.
807	.Pp	801	.Pp
808	The methods available for authentication are:	802	The methods available for authentication are:
809	GSSAPI-based authentication,	803	GSSAPI-based authentication,