- jmc@cvs.openbsd.org 2009/10/08 20:42:12

[sshd_config.5 ssh_config.5 sshd.8 ssh.1]
     some tweaks now that protocol 1 is not offered by default; ok markus

ChangeLog

@@ -7,6 +7,9 @@
      [sshd_config readconf.c ssh_config.5 servconf.c sshd_config.5]
      disable protocol 1 by default (after a transition period of about 10 years)
      ok deraadt
+   - jmc@cvs.openbsd.org 2009/10/08 20:42:12
+     [sshd_config.5 ssh_config.5 sshd.8 ssh.1]
+     some tweaks now that protocol 1 is not offered by default; ok markus
 
 20091007
  - (dtucker) OpenBSD CVS Sync

ssh.1

@@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.283 2009/03/19 15:15:09 jmc Exp $
+.\" $OpenBSD: ssh.1,v 1.284 2009/10/08 20:42:12 jmc Exp $
-.Dd $Mdocdate: March 19 2009 $
+.Dd $Mdocdate: October 8 2009 $
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -666,20 +666,18 @@ exits with the exit status of the remote command or with 255
 if an error occurred.
 .Sh AUTHENTICATION
 The OpenSSH SSH client supports SSH protocols 1 and 2.
-Protocol 2 is the default, with
+The default is to use protocol 2 only,
-.Nm
+though this can be changed via the
-falling back to protocol 1 if it detects protocol 2 is unsupported.
-These settings may be altered using the
 .Cm Protocol
 option in
-.Xr ssh_config 5 ,
+.Xr ssh_config 5
-or enforced using the
+or the
 .Fl 1
 and
 .Fl 2
 options (see above).
 Both protocols support similar authentication methods,
-but protocol 2 is preferred since
+but protocol 2 is the default since
 it provides additional mechanisms for confidentiality
 (the traffic is encrypted using AES, 3DES, Blowfish, CAST128, or Arcfour)
 and integrity (hmac-md5, hmac-sha1, umac-64, hmac-ripemd160).

ssh_config.5

@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.120 2009/10/08 14:03:41 markus Exp $
+.\" $OpenBSD: ssh_config.5,v 1.121 2009/10/08 20:42:13 jmc Exp $
 .Dd $Mdocdate: October 8 2009 $
 .Dt SSH_CONFIG 5
 .Os
@@ -731,12 +731,12 @@ and
 .Sq 2 .
 Multiple versions must be comma-separated.
 When this option is set to
-.Dq 2,1 
+.Dq 2,1
 .Nm ssh
 will try version 2 and fall back to version 1
 if version 2 is not available.
 The default is
-.Dq 2 .
+.Sq 2 .
 .It Cm ProxyCommand
 Specifies the command to use to connect to the server.
 The command

sshd.8

@@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.248 2009/03/26 08:38:39 sobrado Exp $
+.\" $OpenBSD: sshd.8,v 1.249 2009/10/08 20:42:13 jmc Exp $
-.Dd $Mdocdate: March 26 2009 $
+.Dd $Mdocdate: October 8 2009 $
 .Dt SSHD 8
 .Os
 .Sh NAME
@@ -260,7 +260,7 @@ or
 .El
 .Sh AUTHENTICATION
 The OpenSSH SSH daemon supports SSH protocols 1 and 2.
-Both protocols are supported by default,
+The default is to use protocol 2 only,
 though this can be changed via the
 .Cm Protocol
 option in

sshd_config.5

@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.108 2009/10/08 14:03:41 markus Exp $
+.\" $OpenBSD: sshd_config.5,v 1.109 2009/10/08 20:42:13 jmc Exp $
 .Dd $Mdocdate: October 8 2009 $
 .Dt SSHD_CONFIG 5
 .Os
@@ -793,7 +793,7 @@ and
 .Sq 2 .
 Multiple versions must be comma-separated.
 The default is
-.Dq 2 .
+.Sq 2 .
 Note that the order of the protocol list does not indicate preference,
 because the client selects among multiple protocol versions offered
 by the server.