Re: ssh to remote machines problem after cvsup

2002-07-10 Thread Dag-Erling Smorgrav

"Andrew P. Lentvorski" <[EMAIL PROTECTED]> writes:
> If OpenSSH did a proper "attempt version 2(fail) -> attempt version
> 1(succeed)" fallback, your original users *would* be able to get in
> *without* change.  The fact that this does not occur really is a
> bug/misfeature of OpenSSH.

No, it's a bug/misfeature of the protocol OpenSSH implements.  OpenSSH
can't do anything about it without losing the right to its name.

DES
-- 
Dag-Erling Smorgrav - [EMAIL PROTECTED]

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-stable" in the body of the message



Re: ssh to remote machines problem after cvsup

2002-07-09 Thread Kevin Oberman

> Date: Tue, 09 Jul 2002 10:09:29 -0700
> From: Doug Barton <[EMAIL PROTECTED]>
> Sender: [EMAIL PROTECTED]
> 
> Jay Sachs wrote:
> 
> > There are those of us who consider the protocol switch a good change,
> 
> So you are free to do that on your systems. The problem is, whether you
> think it's a good idea or not, it's already catching people by surprise,
> and locking them out of their systems. The change should be reverted.

Doug,

This was discussed on stable (admittedly a bit late in the game) and
every comment I saw favored making the change in Stable. An entry was
made in UPDATING to warn people of the change.

From a security standpoint alone the change is justified as protocol
V1.5 has long required kludges to work around its problems while V2
was much more carefully crafted from the ground up and has no known
problems. I am only talking about the protocol and no particular
implementation.

People should really be using V2 protocols in all cases except where
remote systems still don't support it. (And, do you REALLY want to
connect to those systems?)

I will admit that I had pretty much converted everything of mine to
use V2 long before this came up, so this really didn't have an
impact on me.

R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: [EMAIL PROTECTED]  Phone: +1 510 486-8634




Re: ssh to remote machines problem after cvsup

2002-07-09 Thread Doug Barton

Jay Sachs wrote:

> There are those of us who consider the protocol switch a good change,

So you are free to do that on your systems. The problem is, whether you
think it's a good idea or not, it's already catching people by surprise,
and locking them out of their systems. The change should be reverted.




Re: ssh to remote machines problem after cvsup

2002-07-08 Thread David Schultz

Thus spake stan <[EMAIL PROTECTED]>:
> Some machines will let me in, but only if I enter the password (where I did
> not have to before). Others just refuse to let me in at all!

I have had the former problem for quite some time.  All of the
machines in question were running some version of SSH Secure Shell
and were (as far as I know) correctly configured to use public key
authentication.  Reverting to ``Protocol 1,2'' in ssh_config
solved the problem.
