- djm@cvs.openbsd.org 2007/03/19 01:01:29

[sshd_config]
     Disable the legacy SSH protocol 1 for new installations via
     a configuration override. In the future, we will change the
     server's default itself so users who need the legacy protocol
     will need to turn it on explicitly

ChangeLog

@@ -6,6 +6,12 @@
      loaded, which makes ChallengeResponse default to yes again.  This
      was broken by the Match changes and not fixed properly subsequently.
      Found by okan at demirmen.com, ok djm@ "please do it" deraadt@
+   - djm@cvs.openbsd.org 2007/03/19 01:01:29
+     [sshd_config]
+     Disable the legacy SSH protocol 1 for new installations via
+     a configuration override. In the future, we will change the
+     server's default itself so users who need the legacy protocol
+     will need to turn it on explicitly
 
 20070313
  - (dtucker) [entropy.c scard-opensc.c ssh-rand-helper.c] Bug #1294: include
@@ -2835,4 +2841,4 @@
    OpenServer 6 and add osr5bigcrypt support so when someone migrates
    passwords between UnixWare and OpenServer they will still work. OK dtucker@
 
-$Id: ChangeLog,v 1.4641 2007/03/21 09:38:53 dtucker Exp $
+$Id: ChangeLog,v 1.4642 2007/03/21 09:42:24 dtucker Exp $

sshd_config

@@ -1,4 +1,4 @@
-#	$OpenBSD: sshd_config,v 1.74 2006/07/19 13:07:10 dtucker Exp $
+#	$OpenBSD: sshd_config,v 1.75 2007/03/19 01:01:29 djm Exp $
 
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
@@ -11,11 +11,15 @@
 # default value.
 
 #Port 22
-#Protocol 2,1
 #AddressFamily any
 #ListenAddress 0.0.0.0
 #ListenAddress ::
 
+# Disable legacy (protocol version 1) support in the server for new
+# installations. In future the default will change to require explicit
+# activation of protocol 1
+Protocol 2
+
 # HostKey for protocol version 1
 #HostKey /etc/ssh/ssh_host_key
 # HostKeys for protocol version 2