fbsd11 & sshv1

Peter Jeremy peter at rulingia.com
Thu Feb 2 04:41:13 UTC 2017


On 2017-Jan-30 19:52:26 +0000, heasley <heas at shrubbery.net> wrote:
>Mon, Jan 30, 2017 at 01:57:32PM +0100, Dag-Erling Smørgrav:
>> heasley <heas at shrubbery.net> writes:
>> > So, what is the BCP to support a v1 client for outbound connections on fbsd
>> > 11?  Hopefully one that I do not need to maintain by building a special ssh
>> > from ports.  Is there a pkg that I'm missing?
>> 
>> FreeBSD 10 supports SSHv1 and will continue to do so.  FreeBSD 11 and 12
>> do not, and neither does the openssh-portable port.  I'm afraid you will
>> have to find some other SSH client.
>
>That is sad; I doubt that I am the only one who would need this - there
>are millions of Cisco, HP, and etc network devices that folks must continue
>to access but will never receive new firmware with sshv2.  It takes a long
>time for some equipment to transition to the recycle bin - even after
>vendor EOLs.

I firmly support the removal of SSHv1 from FreeBSD base.  OTOH, I realise
that there may be reasons why old equipment is retained far longer than
desirable and agree that SSHv1 has some benefits over TELNET.

My suggestion is that someone™ who has a pressing need for an SSHv1 client
creates a net/ssh1 port (i.e. not in the "security" category) that installs a
client (only) that supports SSHv1 only, and comes with a big red flashing
"DANGER: INSECURE, DO NOT USE UNLESS YOU KNOW WHAT YOU ARE DOING" warning.

-- 
Peter Jeremy


More information about the freebsd-security mailing list