From 506ed88cef81bdaed373e90204090e27711633ff Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 21 Mar 2007 20:42:24 +1100 Subject: - djm@cvs.openbsd.org 2007/03/19 01:01:29 [sshd_config] Disable the legacy SSH protocol 1 for new installations via a configuration override. In the future, we will change the server's default itself so users who need the legacy protocol will need to turn it on explicitly --- ChangeLog | 8 +++++++- sshd_config | 8 ++++++-- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 977c8a29..fe50bc56 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,12 @@ loaded, which makes ChallengeResponse default to yes again. This was broken by the Match changes and not fixed properly subsequently. Found by okan at demirmen.com, ok djm@ "please do it" deraadt@ + - djm@cvs.openbsd.org 2007/03/19 01:01:29 + [sshd_config] + Disable the legacy SSH protocol 1 for new installations via + a configuration override. In the future, we will change the + server's default itself so users who need the legacy protocol + will need to turn it on explicitly 20070313 - (dtucker) [entropy.c scard-opensc.c ssh-rand-helper.c] Bug #1294: include @@ -2835,4 +2841,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4641 2007/03/21 09:38:53 dtucker Exp $ +$Id: ChangeLog,v 1.4642 2007/03/21 09:42:24 dtucker Exp $ diff --git a/sshd_config b/sshd_config index 6a3cad88..3393cec5 100644 --- a/sshd_config +++ b/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.74 2006/07/19 13:07:10 dtucker Exp $ +# $OpenBSD: sshd_config,v 1.75 2007/03/19 01:01:29 djm Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. 
@@ -11,11 +11,15 @@ # default value. #Port 22 -#Protocol 2,1 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: +# Disable legacy (protocol version 1) support in the server for new +# installations. In future the default will change to require explicit +# activation of protocol 1 +Protocol 2 + # HostKey for protocol version 1 #HostKey /etc/ssh/ssh_host_key # HostKeys for protocol version 2 -- cgit v1.2.3
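Review bot: In the sshd_config hunk at @@ -11,11 +11,15 @@, removing the commented `#Protocol 2,1` line drops the only place in the file that records the server's built-in default, which the commit message says has not changed yet. The header context just above the hunk ends with "default value.", so readers expect commented entries to show defaults. With that line gone, an administrator who comments out or deletes the new `Protocol 2` line falls back to a default that still accepts protocol 1, and nothing in the file says so. Suggest either keeping `#Protocol 2,1` next to the new setting, or extending the added comment to state that the built-in default is still 2,1 and that removing the override re-enables protocol 1. The comment could also say that this only affects installs that pick up the new sample file. A host upgraded with its existing sshd_config keeps whatever that file sets, or the built-in default if it sets nothing. The protocol 1 `#HostKey /etc/ssh/ssh_host_key` stanza that follows is left as is, which is fine while it stays commented, but a short remark that it is only used when protocol 1 is enabled would keep the two blocks consistent.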