From mboxrd@z Thu Jan  1 00:00:00 1970
From: Peter =?utf-8?q?M=C3=BCller?= <peter.mueller@link38.eu>
To: development@lists.ipfire.org
Subject: [PATCH 1/3] SSH client configuration: Use Protocol version 2 only
Date: Wed, 12 Sep 2018 19:50:43 +0200
Message-ID: <20180912175045.7636-1-peter.mueller@link38.eu>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============0404751759229309037=="
List-Id: <development.lists.ipfire.org>

--===============0404751759229309037==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

SSH Protocol version 1 is insecure and must not be used anymore.
Restrict SSH client configuration to ensure only version 2 is used.

Signed-off-by: Peter M=C3=BCller <peter.mueller(a)link38.eu>
---
 config/ssh/ssh_config | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/config/ssh/ssh_config b/config/ssh/ssh_config
index 2abfae6d1..b36909f85 100644
--- a/config/ssh/ssh_config
+++ b/config/ssh/ssh_config
@@ -5,6 +5,9 @@ Host *
         # disable Roaming as it is known to be vulnerable
         UseRoaming no
=20
+	# only use version 2 of SSH protocol
+	Protocol 2
+
         # only use secure crypto algorithm
         KexAlgorithms curve25519-sha256(a)libssh.org,diffie-hellman-group-ex=
change-sha256
         Ciphers chacha20-poly1305(a)openssh.com,aes256-gcm(a)openssh.com,aes=
128-gcm(a)openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
--=20
2.16.4


--===============0404751759229309037==--