diff options
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | readconf.c | 4 | ||||
| -rw-r--r-- | servconf.c | 4 | ||||
| -rw-r--r-- | ssh_config.5 | 14 | ||||
| -rw-r--r-- | sshd_config | 8 | ||||
| -rw-r--r-- | sshd_config.5 | 6 |
6 files changed, 23 insertions, 18 deletions
| @@ -2,6 +2,11 @@ | |||
| 2 | - (dtucker) [configure.ac sftp-client.c] Remove the gyrations required for | 2 | - (dtucker) [configure.ac sftp-client.c] Remove the gyrations required for |
| 3 | dirent d_type and DTTOIF as we've switched OpenBSD to the more portable | 3 | dirent d_type and DTTOIF as we've switched OpenBSD to the more portable |
| 4 | lstat. | 4 | lstat. |
| 5 | - (dtucker) OpenBSD CVS Sync | ||
| 6 | - markus@cvs.openbsd.org 2009/10/08 14:03:41 | ||
| 7 | [sshd_config readconf.c ssh_config.5 servconf.c sshd_config.5] | ||
| 8 | disable protocol 1 by default (after a transition period of about 10 years) | ||
| 9 | ok deraadt | ||
| 5 | 10 | ||
| 6 | 20091007 | 11 | 20091007 |
| 7 | - (dtucker) OpenBSD CVS Sync | 12 | - (dtucker) OpenBSD CVS Sync |
diff --git a/readconf.c b/readconf.c index 0bf5d7cb4..4a16974b8 100644 --- a/readconf.c +++ b/readconf.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: readconf.c,v 1.177 2009/06/27 09:35:06 andreas Exp $ */ | 1 | /* $OpenBSD: readconf.c,v 1.178 2009/10/08 14:03:41 markus Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -1142,7 +1142,7 @@ fill_default_options(Options * options) | |||
| 1142 | /* options->macs, default set in myproposals.h */ | 1142 | /* options->macs, default set in myproposals.h */ |
| 1143 | /* options->hostkeyalgorithms, default set in myproposals.h */ | 1143 | /* options->hostkeyalgorithms, default set in myproposals.h */ |
| 1144 | if (options->protocol == SSH_PROTO_UNKNOWN) | 1144 | if (options->protocol == SSH_PROTO_UNKNOWN) |
| 1145 | options->protocol = SSH_PROTO_1|SSH_PROTO_2; | 1145 | options->protocol = SSH_PROTO_2; |
| 1146 | if (options->num_identity_files == 0) { | 1146 | if (options->num_identity_files == 0) { |
| 1147 | if (options->protocol & SSH_PROTO_1) { | 1147 | if (options->protocol & SSH_PROTO_1) { |
| 1148 | len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1; | 1148 | len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1; |
diff --git a/servconf.c b/servconf.c index b51b86a8f..c2e5cc6f4 100644 --- a/servconf.c +++ b/servconf.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: servconf.c,v 1.195 2009/04/14 21:10:54 jj Exp $ */ | 1 | /* $OpenBSD: servconf.c,v 1.196 2009/10/08 14:03:41 markus Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| 4 | * All rights reserved | 4 | * All rights reserved |
| @@ -139,7 +139,7 @@ fill_default_server_options(ServerOptions *options) | |||
| 139 | 139 | ||
| 140 | /* Standard Options */ | 140 | /* Standard Options */ |
| 141 | if (options->protocol == SSH_PROTO_UNKNOWN) | 141 | if (options->protocol == SSH_PROTO_UNKNOWN) |
| 142 | options->protocol = SSH_PROTO_1|SSH_PROTO_2; | 142 | options->protocol = SSH_PROTO_2; |
| 143 | if (options->num_host_key_files == 0) { | 143 | if (options->num_host_key_files == 0) { |
| 144 | /* fill default hostkeys for protocols */ | 144 | /* fill default hostkeys for protocols */ |
| 145 | if (options->protocol & SSH_PROTO_1) | 145 | if (options->protocol & SSH_PROTO_1) |
diff --git a/ssh_config.5 b/ssh_config.5 index ea9a20b23..82c2a30b0 100644 --- a/ssh_config.5 +++ b/ssh_config.5 | |||
| @@ -34,8 +34,8 @@ | |||
| 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 36 | .\" | 36 | .\" |
| 37 | .\" $OpenBSD: ssh_config.5,v 1.119 2009/02/22 23:50:57 djm Exp $ | 37 | .\" $OpenBSD: ssh_config.5,v 1.120 2009/10/08 14:03:41 markus Exp $ |
| 38 | .Dd $Mdocdate: February 22 2009 $ | 38 | .Dd $Mdocdate: October 8 2009 $ |
| 39 | .Dt SSH_CONFIG 5 | 39 | .Dt SSH_CONFIG 5 |
| 40 | .Os | 40 | .Os |
| 41 | .Sh NAME | 41 | .Sh NAME |
| @@ -730,11 +730,13 @@ The possible values are | |||
| 730 | and | 730 | and |
| 731 | .Sq 2 . | 731 | .Sq 2 . |
| 732 | Multiple versions must be comma-separated. | 732 | Multiple versions must be comma-separated. |
| 733 | The default is | 733 | When this option is set to |
| 734 | .Dq 2,1 . | 734 | .Dq 2,1 |
| 735 | This means that ssh | 735 | .Nm ssh |
| 736 | tries version 2 and falls back to version 1 | 736 | will try version 2 and fall back to version 1 |
| 737 | if version 2 is not available. | 737 | if version 2 is not available. |
| 738 | The default is | ||
| 739 | .Dq 2 . | ||
| 738 | .It Cm ProxyCommand | 740 | .It Cm ProxyCommand |
| 739 | Specifies the command to use to connect to the server. | 741 | Specifies the command to use to connect to the server. |
| 740 | The command | 742 | The command |
diff --git a/sshd_config b/sshd_config index 1b53a0efb..72fbae37b 100644 --- a/sshd_config +++ b/sshd_config | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $ | 1 | # $OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $ |
| 2 | 2 | ||
| 3 | # This is the sshd server system-wide configuration file. See | 3 | # This is the sshd server system-wide configuration file. See |
| 4 | # sshd_config(5) for more information. | 4 | # sshd_config(5) for more information. |
| @@ -15,10 +15,8 @@ | |||
| 15 | #ListenAddress 0.0.0.0 | 15 | #ListenAddress 0.0.0.0 |
| 16 | #ListenAddress :: | 16 | #ListenAddress :: |
| 17 | 17 | ||
| 18 | # Disable legacy (protocol version 1) support in the server for new | 18 | # The default requires explicit activation of protocol 1 |
| 19 | # installations. In future the default will change to require explicit | 19 | #Protocol 2 |
| 20 | # activation of protocol 1 | ||
| 21 | Protocol 2 | ||
| 22 | 20 | ||
| 23 | # HostKey for protocol version 1 | 21 | # HostKey for protocol version 1 |
| 24 | #HostKey /etc/ssh/ssh_host_key | 22 | #HostKey /etc/ssh/ssh_host_key |
diff --git a/sshd_config.5 b/sshd_config.5 index 54a4480fe..00ac82a34 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
| @@ -34,8 +34,8 @@ | |||
| 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 36 | .\" | 36 | .\" |
| 37 | .\" $OpenBSD: sshd_config.5,v 1.107 2009/08/16 23:29:26 dtucker Exp $ | 37 | .\" $OpenBSD: sshd_config.5,v 1.108 2009/10/08 14:03:41 markus Exp $ |
| 38 | .Dd $Mdocdate: August 16 2009 $ | 38 | .Dd $Mdocdate: October 8 2009 $ |
| 39 | .Dt SSHD_CONFIG 5 | 39 | .Dt SSHD_CONFIG 5 |
| 40 | .Os | 40 | .Os |
| 41 | .Sh NAME | 41 | .Sh NAME |
| @@ -793,7 +793,7 @@ and | |||
| 793 | .Sq 2 . | 793 | .Sq 2 . |
| 794 | Multiple versions must be comma-separated. | 794 | Multiple versions must be comma-separated. |
| 795 | The default is | 795 | The default is |
| 796 | .Dq 2,1 . | 796 | .Dq 2 . |
| 797 | Note that the order of the protocol list does not indicate preference, | 797 | Note that the order of the protocol list does not indicate preference, |
| 798 | because the client selects among multiple protocol versions offered | 798 | because the client selects among multiple protocol versions offered |
| 799 | by the server. | 799 | by the server. |