diff options
-rw-r--r-- | ChangeLog | 8 | ||||
-rw-r--r-- | sshd_config | 8 |
2 files changed, 13 insertions, 3 deletions
@@ -6,6 +6,12 @@ loaded, which makes ChallengeResponse default to yes again. This was broken by the Match changes and not fixed properly subsequently. Found by okan at demirmen.com, ok djm@ "please do it" deraadt@ + - djm@cvs.openbsd.org 2007/03/19 01:01:29 + [sshd_config] + Disable the legacy SSH protocol 1 for new installations via + a configuration override. In the future, we will change the + server's default itself so users who need the legacy protocol + will need to turn it on explicitly 20070313 - (dtucker) [entropy.c scard-opensc.c ssh-rand-helper.c] Bug #1294: include @@ -2835,4 +2841,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4641 2007/03/21 09:38:53 dtucker Exp $ +$Id: ChangeLog,v 1.4642 2007/03/21 09:42:24 dtucker Exp $ diff --git a/sshd_config b/sshd_config index 6a3cad88..3393cec5 100644 --- a/sshd_config +++ b/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.74 2006/07/19 13:07:10 dtucker Exp $ +# $OpenBSD: sshd_config,v 1.75 2007/03/19 01:01:29 djm Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -11,11 +11,15 @@ # default value. #Port 22 -#Protocol 2,1 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: +# Disable legacy (protocol version 1) support in the server for new +# installations. In future the default will change to require explicit +# activation of protocol 1 +Protocol 2 + # HostKey for protocol version 1 #HostKey /etc/ssh/ssh_host_key # HostKeys for protocol version 2 |