Mon, Jan 30, 2017 at 01:57:32PM +0100, Dag-Erling Smørgrav:
> heasley <heas at shrubbery.net> writes:
> > So, what is the BCP to support a v1 client for outbound connections on fbsd
> > 11? Hopefully one that I do not need to maintain by building a special ssh
> > from ports. Is there a pkg that I'm missing?
>
> FreeBSD 10 supports SSHv1 and will continue to do so. FreeBSD 11 and 12
> do not, and neither does the openssh-portable port. I'm afraid you will
> have to find some other SSH client.

That is sad; I doubt that I am the only one who would need this - there
are millions of Cisco, HP, and etc network devices that folks must continue
to access but will never receive new firmware with sshv2. It takes a long
time for some equipment to transition to the recycle bin - even after
vendor EOLs.

On 30 January 2017 at 11:52, heasley <heas at shrubbery.net> wrote:
> Mon, Jan 30, 2017 at 01:57:32PM +0100, Dag-Erling Smørgrav:
>> heasley <heas at shrubbery.net> writes:
>> > So, what is the BCP to support a v1 client for outbound connections on fbsd
>> > 11? Hopefully one that I do not need to maintain by building a special ssh
>> > from ports. Is there a pkg that I'm missing?
>>
>> FreeBSD 10 supports SSHv1 and will continue to do so. FreeBSD 11 and 12
>> do not, and neither does the openssh-portable port. I'm afraid you will
>> have to find some other SSH client.
>
> That is sad; I doubt that I am the only one who would need this - there
> are millions of Cisco, HP, and etc network devices that folks must continue
> to access but will never receive new firmware with sshv2. It takes a long
> time for some equipment to transition to the recycle bin - even after
> vendor EOLs.

Well you have about 7 months until it's deprecated from openssh. What's
wrong with continuing to use openSSH 7.4 post sshv1 deprecation?

--
-------
inum: 883510009027723
sip: jungleboogie at sip2sip.info

> On 30 Jan 2017, at 20:52, heasley <heas at shrubbery.net> wrote:
>
> That is sad; I doubt that I am the only one who would need this - there
> are millions of Cisco, HP, and etc network devices that folks must continue
> to access but will never receive new firmware with sshv2. It takes a long
> time for some equipment to transition to the recycle bin - even after
> vendor EOLs.

I get your point, but there are other ways to go about this.

The right way to go about it would IMHO be fairly simple:

If you have few boxes, bin them. If they're not getting firmware updates, ssh v1 isn't your only problem.

If you have too many critical or expensive boxes to make that practical, you can probably afford a Soekris, Raspberry Pi or similar, that you can keep at FreeBSD 10, and use as a jump host. Which you should probably have anyway, if your equipment is no longer getting updates.

Either way; problem solved, and relatively cleanly so.

"We have that crud over there, so we must keep this crud over here" really isn't the way to move security forward, especially not when better solutions are easily available. SSH2 has been around for a decade now, it's time to let go of SSH1, at least in primary systems.

Terje

heasley <heas at shrubbery.net> writes:
> Dag-Erling Smørgrav <des at des.no> writes:
> > FreeBSD 10 supports SSHv1 and will continue to do so. FreeBSD 11
> > and 12 do not, and neither does the openssh-portable port. I'm
> > afraid you will have to find some other SSH client.
> That is sad;

You know what would be even sadder? If the OpenSSH developers had to
continue to devote significant resources to maintaining a rat's nest of
legacy code so 0.0001% of their users could continue to use an obsolete
protocol to connect to obsolete equipment, instead of devoting those
same resources to developing new features and improving existing ones.
Especially when those users have plenty of alternatives to choose from,
including but not limited to security/putty.

DES
--
Dag-Erling Smørgrav - des at des.no