upstream commit

remove SSHv1 configuration options and man pages bits ok markus@ Upstream-ID: 84638c23546c056727b7a7d653c72574e0f19424
author: djm@openbsd.org <djm@openbsd.org> 2017-04-30 23:18:22 +0000
committer: Damien Miller <djm@mindrot.org> 2017-05-01 10:05:00 +1000
commit: 788ac799a6efa40517f2ac0d895a610394298ffc (patch)
tree: 29e320f7adeb31b2febfa08cc60b6c578263dfc6 /ssh.1
parent: e6882463a8ae0594aacb6d6575a6318a41973d84 (diff)
1 files changed, 5 insertions, 52 deletions
diff --git a/ssh.1 b/ssh.1
index 4011c65aa..325742f98 100644
--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.376 2016/07/16 06:57:55 jmc Exp $
+.\" $OpenBSD: ssh.1,v 1.377 2017/04/30 23:18:22 djm Exp $
-.Dd $Mdocdate: July 16 2016 $
+.Dd $Mdocdate: April 30 2017 $
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -43,7 +43,7 @@
 .Sh SYNOPSIS
 .Nm ssh
 .Bk -words
-.Op Fl 1246AaCfGgKkMNnqsTtVvXxYy
+.Op Fl 46AaCfGgKkMNnqsTtVvXxYy
 .Op Fl b Ar bind_address
 .Op Fl c Ar cipher_spec
 .Op Fl D Oo Ar bind_address : Oc Ns Ar port
@@ -95,16 +95,6 @@ it is executed on the remote host instead of a login shell.
 The options are as follows:
 .Pp
 .Bl -tag -width Ds -compact
-.It Fl 1
-Forces
-.Nm
-to try protocol version 1 only.
-.Pp
-.It Fl 2
-Forces
-.Nm
-to try protocol version 2 only.
-.Pp
 .It Fl 4
 Forces
 .Nm
@@ -144,12 +134,7 @@ data for forwarded X11, TCP and
 .Ux Ns -domain
 connections).
 The compression algorithm is the same used by
-.Xr gzip 1 ,
+.Xr gzip 1 .
-and the
-.Dq level
-can be controlled by the
-.Cm CompressionLevel
-option for protocol version 1.
 Compression is desirable on modem lines and other
 slow connections, but will only slow down things on fast networks.
 The default value can be set on a host-by-host basis in the
@@ -159,14 +144,6 @@ option.
 .Pp
 .It Fl c Ar cipher_spec
 Selects the cipher specification for encrypting the session.
-.Pp
-Protocol version 1 allows specification of a single cipher.
-The supported values are
-.Dq 3des ,
-.Dq blowfish ,
-and
-.Dq des .
-For protocol version 2,
 .Ar cipher_spec
 is a comma-separated list of ciphers
 listed in order of preference.
@@ -290,8 +267,6 @@ private RSA key.
 Selects a file from which the identity (private key) for
 public key authentication is read.
 The default is
-.Pa ~/.ssh/identity
-for protocol version 1, and
 .Pa ~/.ssh/id_dsa ,
 .Pa ~/.ssh/id_ecdsa ,
 .Pa ~/.ssh/id_ed25519
@@ -495,7 +470,6 @@ For full details of the options listed below, and their possible values, see
 .It Ciphers
 .It ClearAllForwardings
 .It Compression
-.It CompressionLevel
 .It ConnectionAttempts
 .It ConnectTimeout
 .It ControlMaster
@@ -540,7 +514,6 @@ For full details of the options listed below, and their possible values, see
 .It PKCS11Provider
 .It Port
 .It PreferredAuthentications
-.It Protocol
 .It ProxyCommand
 .It ProxyJump
 .It ProxyUseFdpass
@@ -549,8 +522,6 @@ For full details of the options listed below, and their possible values, see
 .It RekeyLimit
 .It RemoteForward
 .It RequestTTY
-.It RhostsRSAAuthentication
-.It RSAAuthentication
 .It SendEnv
 .It ServerAliveInterval
 .It ServerAliveCountMax
@@ -806,21 +777,7 @@ a per-user configuration file and a system-wide configuration file.
 The file format and configuration options are described in
 .Xr ssh_config 5 .
 .Sh AUTHENTICATION
-The OpenSSH SSH client supports SSH protocols 1 and 2.
+The OpenSSH SSH client supports SSH protocol 2.
-The default is to use protocol 2 only,
-though this can be changed via the
-.Cm Protocol
-option in
-.Xr ssh_config 5
-or the
-.Fl 1
-and
-.Fl 2
-options (see above).
-Protocol 1 should not be used
-and is only offered to support legacy devices.
-It suffers from a number of cryptographic weaknesses
-and doesn't support many of the advanced features available for protocol 2.
 .Pp
 The methods available for authentication are:
 GSSAPI-based authentication,
@@ -893,8 +850,6 @@ is authorized to accept the account.
 The user creates his/her key pair by running
 .Xr ssh-keygen 1 .
 This stores the private key in
-.Pa ~/.ssh/identity
-(protocol 1),
 .Pa ~/.ssh/id_dsa
 (DSA),
 .Pa ~/.ssh/id_ecdsa
@@ -905,8 +860,6 @@ or
 .Pa ~/.ssh/id_rsa
 (RSA)
 and stores the public key in
-.Pa ~/.ssh/identity.pub
-(protocol 1),
 .Pa ~/.ssh/id_dsa.pub
 (DSA),
 .Pa ~/.ssh/id_ecdsa.pub
author	djm@openbsd.org <djm@openbsd.org>	2017-04-30 23:18:22 +0000
committer	Damien Miller <djm@mindrot.org>	2017-05-01 10:05:00 +1000
commit	788ac799a6efa40517f2ac0d895a610394298ffc (patch)
tree	29e320f7adeb31b2febfa08cc60b6c578263dfc6 /ssh.1
parent	e6882463a8ae0594aacb6d6575a6318a41973d84 (diff)

diff --git a/ssh.1 b/ssh.1 index 4011c65aa..325742f98 100644 --- a/ssh.1 +++ b/ssh.1
@@ -33,8 +33,8 @@
33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35	.\"	35	.\"
36	.\" $OpenBSD: ssh.1,v 1.376 2016/07/16 06:57:55 jmc Exp $	36	.\" $OpenBSD: ssh.1,v 1.377 2017/04/30 23:18:22 djm Exp $
37	.Dd $Mdocdate: July 16 2016 $	37	.Dd $Mdocdate: April 30 2017 $
38	.Dt SSH 1	38	.Dt SSH 1
39	.Os	39	.Os
40	.Sh NAME	40	.Sh NAME
@@ -43,7 +43,7 @@
43	.Sh SYNOPSIS	43	.Sh SYNOPSIS
44	.Nm ssh	44	.Nm ssh
45	.Bk -words	45	.Bk -words
46	.Op Fl 1246AaCfGgKkMNnqsTtVvXxYy	46	.Op Fl 46AaCfGgKkMNnqsTtVvXxYy
47	.Op Fl b Ar bind_address	47	.Op Fl b Ar bind_address
48	.Op Fl c Ar cipher_spec	48	.Op Fl c Ar cipher_spec
49	.Op Fl D Oo Ar bind_address : Oc Ns Ar port	49	.Op Fl D Oo Ar bind_address : Oc Ns Ar port
@@ -95,16 +95,6 @@ it is executed on the remote host instead of a login shell.
95	The options are as follows:	95	The options are as follows:
96	.Pp	96	.Pp
97	.Bl -tag -width Ds -compact	97	.Bl -tag -width Ds -compact
98	.It Fl 1
99	Forces
100	.Nm
101	to try protocol version 1 only.
102	.Pp
103	.It Fl 2
104	Forces
105	.Nm
106	to try protocol version 2 only.
107	.Pp
108	.It Fl 4	98	.It Fl 4
109	Forces	99	Forces
110	.Nm	100	.Nm
@@ -144,12 +134,7 @@ data for forwarded X11, TCP and
144	.Ux Ns -domain	134	.Ux Ns -domain
145	connections).	135	connections).
146	The compression algorithm is the same used by	136	The compression algorithm is the same used by
147	.Xr gzip 1 ,	137	.Xr gzip 1 .
148	and the
149	.Dq level
150	can be controlled by the
151	.Cm CompressionLevel
152	option for protocol version 1.
153	Compression is desirable on modem lines and other	138	Compression is desirable on modem lines and other
154	slow connections, but will only slow down things on fast networks.	139	slow connections, but will only slow down things on fast networks.
155	The default value can be set on a host-by-host basis in the	140	The default value can be set on a host-by-host basis in the
@@ -159,14 +144,6 @@ option.
159	.Pp	144	.Pp
160	.It Fl c Ar cipher_spec	145	.It Fl c Ar cipher_spec
161	Selects the cipher specification for encrypting the session.	146	Selects the cipher specification for encrypting the session.
162	.Pp
163	Protocol version 1 allows specification of a single cipher.
164	The supported values are
165	.Dq 3des ,
166	.Dq blowfish ,
167	and
168	.Dq des .
169	For protocol version 2,
170	.Ar cipher_spec	147	.Ar cipher_spec
171	is a comma-separated list of ciphers	148	is a comma-separated list of ciphers
172	listed in order of preference.	149	listed in order of preference.
@@ -290,8 +267,6 @@ private RSA key.
290	Selects a file from which the identity (private key) for	267	Selects a file from which the identity (private key) for
291	public key authentication is read.	268	public key authentication is read.
292	The default is	269	The default is
293	.Pa ~/.ssh/identity
294	for protocol version 1, and
295	.Pa ~/.ssh/id_dsa ,	270	.Pa ~/.ssh/id_dsa ,
296	.Pa ~/.ssh/id_ecdsa ,	271	.Pa ~/.ssh/id_ecdsa ,
297	.Pa ~/.ssh/id_ed25519	272	.Pa ~/.ssh/id_ed25519
@@ -495,7 +470,6 @@ For full details of the options listed below, and their possible values, see
495	.It Ciphers	470	.It Ciphers
496	.It ClearAllForwardings	471	.It ClearAllForwardings
497	.It Compression	472	.It Compression
498	.It CompressionLevel
499	.It ConnectionAttempts	473	.It ConnectionAttempts
500	.It ConnectTimeout	474	.It ConnectTimeout
501	.It ControlMaster	475	.It ControlMaster
@@ -540,7 +514,6 @@ For full details of the options listed below, and their possible values, see
540	.It PKCS11Provider	514	.It PKCS11Provider
541	.It Port	515	.It Port
542	.It PreferredAuthentications	516	.It PreferredAuthentications
543	.It Protocol
544	.It ProxyCommand	517	.It ProxyCommand
545	.It ProxyJump	518	.It ProxyJump
546	.It ProxyUseFdpass	519	.It ProxyUseFdpass
@@ -549,8 +522,6 @@ For full details of the options listed below, and their possible values, see
549	.It RekeyLimit	522	.It RekeyLimit
550	.It RemoteForward	523	.It RemoteForward
551	.It RequestTTY	524	.It RequestTTY
552	.It RhostsRSAAuthentication
553	.It RSAAuthentication
554	.It SendEnv	525	.It SendEnv
555	.It ServerAliveInterval	526	.It ServerAliveInterval
556	.It ServerAliveCountMax	527	.It ServerAliveCountMax
@@ -806,21 +777,7 @@ a per-user configuration file and a system-wide configuration file.
806	The file format and configuration options are described in	777	The file format and configuration options are described in
807	.Xr ssh_config 5 .	778	.Xr ssh_config 5 .
808	.Sh AUTHENTICATION	779	.Sh AUTHENTICATION
809	The OpenSSH SSH client supports SSH protocols 1 and 2.	780	The OpenSSH SSH client supports SSH protocol 2.
810	The default is to use protocol 2 only,
811	though this can be changed via the
812	.Cm Protocol
813	option in
814	.Xr ssh_config 5
815	or the
816	.Fl 1
817	and
818	.Fl 2
819	options (see above).
820	Protocol 1 should not be used
821	and is only offered to support legacy devices.
822	It suffers from a number of cryptographic weaknesses
823	and doesn't support many of the advanced features available for protocol 2.
824	.Pp	781	.Pp
825	The methods available for authentication are:	782	The methods available for authentication are:
826	GSSAPI-based authentication,	783	GSSAPI-based authentication,
@@ -893,8 +850,6 @@ is authorized to accept the account.
893	The user creates his/her key pair by running	850	The user creates his/her key pair by running
894	.Xr ssh-keygen 1 .	851	.Xr ssh-keygen 1 .
895	This stores the private key in	852	This stores the private key in
896	.Pa ~/.ssh/identity
897	(protocol 1),
898	.Pa ~/.ssh/id_dsa	853	.Pa ~/.ssh/id_dsa
899	(DSA),	854	(DSA),
900	.Pa ~/.ssh/id_ecdsa	855	.Pa ~/.ssh/id_ecdsa
@@ -905,8 +860,6 @@ or
905	.Pa ~/.ssh/id_rsa	860	.Pa ~/.ssh/id_rsa
906	(RSA)	861	(RSA)
907	and stores the public key in	862	and stores the public key in
908	.Pa ~/.ssh/identity.pub
909	(protocol 1),
910	.Pa ~/.ssh/id_dsa.pub	863	.Pa ~/.ssh/id_dsa.pub
911	(DSA),	864	(DSA),
912	.Pa ~/.ssh/id_ecdsa.pub	865	.Pa ~/.ssh/id_ecdsa.pub