- jmc@cvs.openbsd.org 2009/10/08 20:42:12
[sshd_config.5 ssh_config.5 sshd.8 ssh.1]
some tweaks now that protocol 1 is not offered by default; ok markus
diff --git a/ChangeLog b/ChangeLog
index 23bc18b..495c096 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,6 +7,9 @@
[sshd_config readconf.c ssh_config.5 servconf.c sshd_config.5]
disable protocol 1 by default (after a transition period of about 10 years)
ok deraadt
+ - jmc@cvs.openbsd.org 2009/10/08 20:42:12
+ [sshd_config.5 ssh_config.5 sshd.8 ssh.1]
+ some tweaks now that protocol 1 is not offered by default; ok markus
20091007
- (dtucker) OpenBSD CVS Sync
diff --git a/ssh.1 b/ssh.1
index 6c6271e..8c3d32a 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,8 +34,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.283 2009/03/19 15:15:09 jmc Exp $
-.Dd $Mdocdate: March 19 2009 $
+.\" $OpenBSD: ssh.1,v 1.284 2009/10/08 20:42:12 jmc Exp $
+.Dd $Mdocdate: October 8 2009 $
.Dt SSH 1
.Os
.Sh NAME
@@ -666,20 +666,18 @@
if an error occurred.
.Sh AUTHENTICATION
The OpenSSH SSH client supports SSH protocols 1 and 2.
-Protocol 2 is the default, with
-.Nm
-falling back to protocol 1 if it detects protocol 2 is unsupported.
-These settings may be altered using the
+The default is to use protocol 2 only,
+though this can be changed via the
.Cm Protocol
option in
-.Xr ssh_config 5 ,
-or enforced using the
+.Xr ssh_config 5
+or the
.Fl 1
and
.Fl 2
options (see above).
Both protocols support similar authentication methods,
-but protocol 2 is preferred since
+but protocol 2 is the default since
it provides additional mechanisms for confidentiality
(the traffic is encrypted using AES, 3DES, Blowfish, CAST128, or Arcfour)
and integrity (hmac-md5, hmac-sha1, umac-64, hmac-ripemd160).
diff --git a/ssh_config.5 b/ssh_config.5
index 82c2a30..89f3896 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.120 2009/10/08 14:03:41 markus Exp $
+.\" $OpenBSD: ssh_config.5,v 1.121 2009/10/08 20:42:13 jmc Exp $
.Dd $Mdocdate: October 8 2009 $
.Dt SSH_CONFIG 5
.Os
@@ -731,12 +731,12 @@
.Sq 2 .
Multiple versions must be comma-separated.
When this option is set to
-.Dq 2,1
+.Dq 2,1
.Nm ssh
will try version 2 and fall back to version 1
if version 2 is not available.
The default is
-.Dq 2 .
+.Sq 2 .
.It Cm ProxyCommand
Specifies the command to use to connect to the server.
The command
diff --git a/sshd.8 b/sshd.8
index 111d491..7878d9f 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,8 +34,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.248 2009/03/26 08:38:39 sobrado Exp $
-.Dd $Mdocdate: March 26 2009 $
+.\" $OpenBSD: sshd.8,v 1.249 2009/10/08 20:42:13 jmc Exp $
+.Dd $Mdocdate: October 8 2009 $
.Dt SSHD 8
.Os
.Sh NAME
@@ -260,7 +260,7 @@
.El
.Sh AUTHENTICATION
The OpenSSH SSH daemon supports SSH protocols 1 and 2.
-Both protocols are supported by default,
+The default is to use protocol 2 only,
though this can be changed via the
.Cm Protocol
option in
diff --git a/sshd_config.5 b/sshd_config.5
index 00ac82a..4b3793d 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.108 2009/10/08 14:03:41 markus Exp $
+.\" $OpenBSD: sshd_config.5,v 1.109 2009/10/08 20:42:13 jmc Exp $
.Dd $Mdocdate: October 8 2009 $
.Dt SSHD_CONFIG 5
.Os
@@ -793,7 +793,7 @@
.Sq 2 .
Multiple versions must be comma-separated.
The default is
-.Dq 2 .
+.Sq 2 .
Note that the order of the protocol list does not indicate preference,
because the client selects among multiple protocol versions offered
by the server.