Contributed by pitrh on from the it was a step up from telnet once dept.
The final commit message, for the commit that removes the SSHv1 related regression tests, reads:
Eliminate explicit specification of protocol in tests and loops over protocol. We only support SSHv2 now.
Dropping support for SSHv1 and associated ciphers that were either suspected to or known to be broken has been planned for several releases, and has been eagerly anticipated by many in the OpenBSD camp.
In practical terms this means that starting with OpenBSD-current and snapshots as they will be very soon (and further down the road OpenBSD 6.2 with OpenSSH 7.6), the arcane options you used with ssh to connect to some end-of-life gear in a derelict data centre you don't want to visit anymore will no longer work and you will be forced do the reasonable thing. Upgrade.
Longtime OpenBSD developer Bob Beck's public reaction on Twitter was to the point:
Goodbye SSH version 1 - Anyone still using you has been delusional for a very long time. https://t.co/43EgGta16k
— Bob Beck (@bob_beck) April 30, 2017
Others have described the long-planned move variously as "a mercy killing" and "a cause for major celebrations".
Now is a great time to prepare to decommission or upgrade any equipment that still relies on the long deprecated protocol. You will be making your users safer in the process.
(Comments are closed)
By Renaud Allard (renaud) renaud@allard.it on
Comments
By Peter N. M. Hansteen (pitrh) on http://bsdly.blogspot.com/
corrected in the stor, thanks!
By Anonymous Coward (87.118.116.12) on
Then how come on openbsd.org/plus61.html and the OpenBSD 6.1 announcement, it has "OpenSSH 7.4" on it?
By sthen (82.68.199.128) on
By Bob Beck (184.70.180.51) beck@openbsd.org on
have the device itself firewalled off from the universe by something modern (i.e. an OpenBSD box in front of it and a private network). At that point the solution is really simple. These devices all support telnet. Just use telnet.
Comments
By Darren Tucker (dtucker) on
It's also pretty easy to build and install openssh 7.5p1 on another path and keep that around specifically for talking to those devices.
We even fixed one or two SSHv1 bugs for 7.5 knowing that it was about to be ripped out to support this kind of use case.
By Anonymous Cowboy (87.118.116.12) on
So presumably, the recent changes here are for the client support, and probably removing the existing dead code on the server side. Server-side support was already removed before.
By Taylor (107.150.65.12) taylorshaw151@gmail.com on