-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | readconf.c | 4 | ||||
-rw-r--r-- | servconf.c | 4 | ||||
-rw-r--r-- | ssh_config.5 | 14 | ||||
-rw-r--r-- | sshd_config | 8 | ||||
-rw-r--r-- | sshd_config.5 | 6 |
6 files changed, 23 insertions, 18 deletions
@@ -2,6 +2,11 @@ | |||
2 | - (dtucker) [configure.ac sftp-client.c] Remove the gyrations required for | 2 | - (dtucker) [configure.ac sftp-client.c] Remove the gyrations required for |
3 | dirent d_type and DTTOIF as we've switched OpenBSD to the more portable | 3 | dirent d_type and DTTOIF as we've switched OpenBSD to the more portable |
4 | lstat. | 4 | lstat. |
5 | - (dtucker) OpenBSD CVS Sync | ||
6 | - markus@cvs.openbsd.org 2009/10/08 14:03:41 | ||
7 | [sshd_config readconf.c ssh_config.5 servconf.c sshd_config.5] | ||
8 | disable protocol 1 by default (after a transition period of about 10 years) | ||
9 | ok deraadt | ||
5 | 10 | ||
6 | 20091007 | 11 | 20091007 |
7 | - (dtucker) OpenBSD CVS Sync | 12 | - (dtucker) OpenBSD CVS Sync |
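--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.177 2009/06/27 09:35:06 andreas Exp $ */
+/* $OpenBSD: readconf.c,v 1.178 2009/10/08 14:03:41 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1142,7 +1142,7 @@ fill_default_options(Options * options)
 /* options->macs, default set in myproposals.h */
 /* options->hostkeyalgorithms, default set in myproposals.h */
 if (options->protocol == SSH_PROTO_UNKNOWN)
-options->protocol = SSH_PROTO_1|SSH_PROTO_2;
+options->protocol = SSH_PROTO_2;
 if (options->num_identity_files == 0) {
 if (options->protocol & SSH_PROTO_1) {
 len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;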
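Review bot: The new default `options->protocol = SSH_PROTO_2;` in fill_default_options() carries no comment saying that protocol 1 is now opt-in, while the `SSH_PROTO_1` identity-file branch directly below it stays in place and is reached only after an explicit `Protocol` setting. I would add `/* protocol 1 is opt-in: only an explicit Protocol setting enables it */` above the assignment; the identical one-line change in fill_default_server_options() in servconf.c wants the same comment. The default is applied only while `options->protocol` is still `SSH_PROTO_UNKNOWN`, so a configuration that already says `Protocol 2,1` or `Protocol 1` keeps version 1 enabled after this commit, and the ChangeLog entry could tell administrators to check for such lines. Both function bodies continue outside the hunks shown.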
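--- a/servconf.c
+++ b/servconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.195 2009/04/14 21:10:54 jj Exp $ */
+/* $OpenBSD: servconf.c,v 1.196 2009/10/08 14:03:41 markus Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 * All rights reserved
@@ -139,7 +139,7 @@ fill_default_server_options(ServerOptions *options)
 
 /* Standard Options */
 if (options->protocol == SSH_PROTO_UNKNOWN)
-options->protocol = SSH_PROTO_1|SSH_PROTO_2;
+options->protocol = SSH_PROTO_2;
 if (options->num_host_key_files == 0) {
 /* fill default hostkeys for protocols */
 if (options->protocol & SSH_PROTO_1)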
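--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.119 2009/02/22 23:50:57 djm Exp $
-.Dd $Mdocdate: February 22 2009 $
+.\" $OpenBSD: ssh_config.5,v 1.120 2009/10/08 14:03:41 markus Exp $
+.Dd $Mdocdate: October 8 2009 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -730,11 +730,13 @@ The possible values are
 and
 .Sq 2 .
 Multiple versions must be comma-separated.
-The default is
-.Dq 2,1 .
-This means that ssh
-tries version 2 and falls back to version 1
+When this option is set to
+.Dq 2,1
+.Nm ssh
+will try version 2 and fall back to version 1
 if version 2 is not available.
+The default is
+.Dq 2 .
 .It Cm ProxyCommand
 Specifies the command to use to connect to the server.
 The command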
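--- a/sshd_config
+++ b/sshd_config
@@ -1,4 +1,4 @@
-# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
+# $OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $
 
 # This is the sshd server system-wide configuration file. See
 # sshd_config(5) for more information.
@@ -15,10 +15,8 @@
 #ListenAddress 0.0.0.0
 #ListenAddress ::
 
-# Disable legacy (protocol version 1) support in the server for new
-# installations. In future the default will change to require explicit
-# activation of protocol 1
-Protocol 2
+# The default requires explicit activation of protocol 1
+#Protocol 2
 
 # HostKey for protocol version 1
 #HostKey /etc/ssh/ssh_host_key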
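Review bot: Replacing the active `Protocol 2` with the commented `#Protocol 2` in the second hunk makes the shipped sample depend entirely on the compiled-in default. If this file is ever installed next to an sshd built before the servconf.c change in this commit, whose default is still `SSH_PROTO_1|SSH_PROTO_2`, protocol 1 would be accepted again with no visible setting. That mix is an assumption about packaging and configuration-management practice, not something the diff shows. Keeping the line active as `Protocol 2` costs nothing and keeps the file self-describing.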
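--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.107 2009/08/16 23:29:26 dtucker Exp $
-.Dd $Mdocdate: August 16 2009 $
+.\" $OpenBSD: sshd_config.5,v 1.108 2009/10/08 14:03:41 markus Exp $
+.Dd $Mdocdate: October 8 2009 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -793,7 +793,7 @@ and
 .Sq 2 .
 Multiple versions must be comma-separated.
 The default is
-.Dq 2,1 .
+.Dq 2 .
 Note that the order of the protocol list does not indicate preference,
 because the client selects among multiple protocol versions offered
 by the server.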