openssh-2.9p1-7: Protocol 1,2 or Protocol 2,1 ?
Hi list!

Why is the default protocol order in /etc/ssh/ssh_config and /etc/ssh/sshd_config 1,2 and not 2,1? Manual pages for ssh and sshd state that the default is 2,1. So, why did the guys at SuSE change it to 1,2? Backward compatibility to older SuSE distros or keys?

Thanks, richard

--
Richard Ems ... e-mail: r.ems@gmx.net ... Fachbereich Informatik, Universität Hamburg
Unix IS user friendly. It's just selective about who its friends are.
Hi again!

Two more questions:

1. Is the order in sshd relevant? Protocol 1,2 == Protocol 2,1 ?
2. Should I change to 2,1 on my firewall?

Thanks, richard

--
Richard Ems ... e-mail: r.ems@gmx.net ... Fachbereich Informatik, Universität Hamburg
Unix IS user friendly. It's just selective about who its friends are.
On Thu, Jun 14, 2001 at 04:50:31PM +0200, Richard Ems wrote:
> 1. Is the order in sshd relevant? Protocol 1,2 == Protocol 2,1 ?
> 2. Should I change to 2,1 on my firewall?

It's the client that decides which protocol to use (if both are available). For sshd the order is not relevant. For the client the order is of importance.

Protocol 2 should be preferred over protocol 1, so I have changed this in ssh_config after installing the RPM.

The handling of the sessions is different for the protocols and protocol 2 has some problems with connection shutdown when background processes were started. Maybe that's the reason why SuSE decided to stay with protocol 1 as default.

Best regards, Lutz

--
Lutz Jaenicke Lutz.Jaenicke@aet.TU-Cottbus.DE
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
Hi!

I have the following problem: From one boot to the next, I had an ugly message on my screen saying:

    *ERROR* cannot fsck, root is not read-only

So what's wrong with my system, and how can I get back to my root mounted read-only?

TIA
kind regards
markus
Lutz

Could you give me more information. What do you mean by Problems? Is it possible that this could hang the ssh process?

Thanks
Dany Allard

<SNIP>
The handling of the sessions is different for the protocols and protocol 2 has some problems with connection shutdown when background processes were started. Maybe that's the reason why SuSE decided to stay with protocol 1 as default.
<SNIP>
On Thu, Jun 14, 2001 at 10:30:23AM -0600, dany allard wrote:
> Could you give me more information. What do you mean by Problems? Is it possible that this could hang the ssh process?

On some platforms and to different (platform dependent) degrees, an ssh process will not shut down, as it thinks that a connection to the server is still open. The test is

    ssh some_server ... sleep 20 & ; exit

It then hangs for 20 seconds before exiting. This can be very annoying when instead of "sleep 20" you e.g. started something long running into background, that does not properly daemonize. After e.g.

    /etc/init.d/mysqld start

your 'exit' would hang, as safe_mysqld is put to background with "&", but it is not a "real daemon".

On openssh-unix-dev it was discussed that this problem is caused by the select() implementations and the open file descriptors. A workaround would be

    /etc/init.d/mysqld start > /dev/null 2>&1

so that no open file descriptors are left.

At least Linux and HP-UX are affected (and I have precisely these platforms). A good solution to this problem is not trivial, as on premature close file transfers with scp might be truncated. This topic has been actively discussed on openssh-unix-dev for quite some time now, but no final solution has been found yet (so the problem is also there in 2.9p1).

Best regards, Lutz

--
Lutz Jaenicke Lutz.Jaenicke@aet.TU-Cottbus.DE
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
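
Added example (not part of the original thread, and not OpenSSH code): a local analogue of the hang described in the reply above, with a pipe reader standing in for the side that waits for the session's output to reach end-of-file. The function names and the 3-second delay are assumptions made for the demonstration.

```shell
#!/bin/sh
# Constructed demo: `cat` plays the role of the process that keeps the
# session open until every holder of the output descriptor has closed it.
DELAY=3   # seconds the background job runs (arbitrary demo value)

# Run a "session" command through a pipe and print how many whole
# seconds the reader waited for end-of-file.
seconds_until_eof() {
    start=$(date +%s)
    sh -c "$1" | cat >/dev/null
    end=$(date +%s)
    echo $((end - start))
}

# The background job inherits stdout, so the pipe stays open until the
# job itself ends, even though the shell that started it exited at once.
elapsed_inherited() {
    seconds_until_eof "sleep $DELAY & exit 0"
}

# Workaround from the message: redirect stdout and stderr so the job
# keeps no descriptor that belongs to the session.
elapsed_redirected() {
    seconds_until_eof "sleep $DELAY > /dev/null 2>&1 & exit 0"
}

# Print both timings side by side.
demo() {
    echo "inherited descriptors:  $(elapsed_inherited)s until EOF"
    echo "redirected descriptors: $(elapsed_redirected)s until EOF"
}

# Set RUN_DEMO=1 to print the comparison when running this file directly.
if [ "${RUN_DEMO:-0}" = 1 ]; then
    demo
fi
```

The first timing tracks the lifetime of the background job, the second returns as soon as the starting shell exits.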
participants (4): dany allard, Lutz Jaenicke, Markus Kohli, Richard Ems