
Bug#846165: .../.ssh/config line 127: Bad protocol spec '1'.



Reading back, I may have been a little unclear. It's probably because the
arrogance of the openssl people has always aggravated me. (For example the
"none" cipher where they, basically, said everyone else is too stupid to
use it sensibly)

In this instance they have made the $HOME/.ssh/config file a common
configuration file between the ssh1 and openssh2 packages. But due to
an overly aggressive error message it cannot actually be used safely by
both packages.

Safely would mean that if ssh1 is NOT installed ssh does not connect
to a host labeled as "Protocol 1". It does not mean that it sulks until
all hints of "Protocol 1" have been removed from the config file.

Safely means that if the "ssh1" package is installed it is ONLY used
for connections that are EXPLICITLY labeled as "Protocol 1" as the other
end may still support ssh1 or there may be a downgrade attack in progress.

My personal solution to this on another OS was to create a wrapper that
looked down two different config files for the two different versions. If
it found the remote host in one of them it used that particular version
of the connection tool. If it wasn't found the wrapper used the preferred
tool. I think I eventually put the older tool into a library directory
where it wasn't even on the path, it could only be used if I had actually
created an entry for it.

Of course, this used two independent configuration files.

BTW: This was a LONG time ago, it was actually between "ssh" and "rsh". As
you see the ssh people have a long history. I'm actually a bit surprised
that it's taken as long as it has for them to do something like this to
kill off V1, ... maybe they're getting better ... or maybe there's just
more people to shout at them now.

PS: Can the completely insecure ssh1 package have the "none" cipher
    please. ;-)

--
Rob.                          (Robert de Bath <robert$ @ debath.co.uk>)
                                             <http://www.debath.co.uk/>
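
The wrapper approach described in the message above, sketched as an added example; it is not code from the original message or from any ssh package. The file paths, the one-host-per-line list format, and the function names are assumptions, and refusing a host listed in both files is a design choice made here.

```shell
#!/bin/sh
# Added illustration. All paths and the one-host-per-line list format are
# assumptions, not taken from the original message.
: "${LEGACY_LIST:=$HOME/.ssh/hosts.legacy}"   # hosts explicitly allowed the old tool
: "${MODERN_LIST:=$HOME/.ssh/hosts.modern}"   # hosts pinned to the preferred tool
: "${LEGACY_BIN:=/usr/local/lib/legacy/ssh1}" # kept outside PATH on purpose
: "${MODERN_BIN:=ssh}"

# listed FILE HOST: true if HOST is an exact whole-line entry in FILE.
listed() {
    [ -r "$1" ] || return 1
    # Drop comments and whitespace, then match the full line literally so
    # "box.example" never matches "oldbox.example".
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$1" | grep -Fxq -- "$2"
}

# choose_client TARGET: print the client to run, or return 2 to refuse.
choose_client() {
    host=${1##*@}                       # accept user@host
    [ -n "$host" ] || return 2
    if listed "$LEGACY_LIST" "$host"; then
        if listed "$MODERN_LIST" "$host"; then
            echo "refusing $host: listed in both files" >&2
            return 2
        fi
        if [ ! -x "$LEGACY_BIN" ]; then
            # Fail this one connection only; never fall back silently and
            # never reject the rest of the configuration.
            echo "refusing $host: legacy client not installed" >&2
            return 2
        fi
        printf '%s\n' "$LEGACY_BIN"
        return 0
    fi
    # Listed as modern or not listed at all: use the preferred tool.
    printf '%s\n' "$MODERN_BIN"
}

# connect TARGET [ARGS...]: run the chosen client with the original arguments.
connect() {
    client=$(choose_client "$1") || return
    exec "$client" "$@"
}

# Acts as the wrapper only when invoked with arguments.
if [ "$#" -gt 0 ]; then connect "$@"; fi
```

The legacy client is chosen only for hosts named in the legacy list, and a missing legacy client blocks that one host instead of every connection.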

