Bug 1083839 - add option to support legacy, insecure SSHv1 client connections
add option to support legacy, insecure SSHv1 client connections
Status: RESOLVED WONTFIX
Classification: openSUSE
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Other
Current
x86 All
: P5 - None : Enhancement (vote)
: ---
Assigned To: Vítězslav Čížek
E-mail List
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-03-03 15:56 UTC by Ruggero Rossi
Modified: 2018-10-09 10:45 UTC (History)
4 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Ruggero Rossi 2018-03-03 15:56:58 UTC
package: openssh

After last update, trying to connect to old servers running SSH version 1
gives the message:

SSH protocol v.1 is no longer supported

While it is wise to disable the version 1 on the mainstream, a solutions has to be provided for people that need to access server still running version 1 and that, for any reason, cannot be upgraded. In my case, an embedded system.

Probably the best solution is to provide an extra package containing a client able to run version 1, like debian does.
Comment 1 Andreas Stieger 2018-03-03 19:58:35 UTC
from OpenSSH 7.6p1 changelog:
>  * complete removal of the ancient SSHv1 protocol

Security team vetoes the maintenance of SSHv1 on the SLE 15/Leap 15 area codestream in the distribution OpenSSH packages if upstream has completely removed this now.

(In reply to Ruggero Rossi from comment #0)
> While it is wise to disable the version 1 on the mainstream, a solutions has
> to be provided for people that need to access server still running version 1
> and that, for any reason, cannot be upgraded. In my case, an embedded system.

In fact we do not have to do this at all, as you can just as well use telnet if you need an insecure protocol. A rolling distribution will sometimes turn off old insecure stuff, this is one of these instances. Adding back separate support for SSHv1 is extra work. Are you willing to put this work in?

Alternative ssh implementations may exist in the distribution who may choose to support this.

Assigning to maintainer, I think this should be a RESOLVED - WONTFIX.
Comment 3 Vítězslav Čížek 2018-10-09 10:45:06 UTC
Agreed.
The SSHv1 protocol has been disabled by default upstream since 7.0.
We don't want to bring it back.