search for: sshall_versions

...the argument for pushing people to upgrade, but not by surprise in a minor version. If SSH is going to block old insecure versions it has a much bigger problem, because upgrade rates on SSH on the Internet are actually not fantastic. Here's the top 40 across all versions of SSH: $ head -n 40 sshall_versions.txt 2412684 SSH-2.0-OpenSSH_5.3 984056 SSH-2.0-OpenSSH_4.3 936855 SSH-2.0-dropbear_0.51 854624 SSH-2.0-dropbear_0.46 798414 SSH-2.0-OpenSSH_6.0p1 790303 SSH-2.0-OpenSSH_6.6.1p1 771396 SSH-2.0-OpenSSH_5.9p1 465647 SSH-2.0-OpenSSH_5.5p1 430372 SSH-2.0-ROSSSH 338577 SSH-1.99-Cisco-1.25 33728...

On Tue, Mar 24, 2015 at 10:37 PM, Dan Kaminsky <dan at doxpara.com> wrote: > On Tuesday, March 24, 2015, Damien Miller <djm at mindrot.org> wrote: > >> On Tue, 24 Mar 2015, Dan Kaminsky wrote: >> >> > Hmm. Feels a little aggressive for ssh client. Support heartily for >> sshd. >> >> People who need it can build their own, or OS vendors

...> surprise in > > a minor version. If SSH is going to block old insecure versions it has a > > much bigger problem, because upgrade rates on SSH on the Internet are > > actually not fantastic. Here's the top 40 across all versions of SSH: > > > > $ head -n 40 sshall_versions.txt > > 2412684 SSH-2.0-OpenSSH_5.3 > > 984056 SSH-2.0-OpenSSH_4.3 > > 936855 SSH-2.0-dropbear_0.51 > > 854624 SSH-2.0-dropbear_0.46 > > 798414 SSH-2.0-OpenSSH_6.0p1 > [snip] > > This brings to light another point: we can turn off v.1 by default at > ou...