> Oh, and a question for der Mouse, just out of curiosity, isn't it a > bit late to be doing SSHv1? :-). Well, yes. In some respects, I wouldn't waste machine cycles, much less brain cycles, on ssh1. But at $DAYJOB we have a few internal machines which still are ssh1-only (behind our firewall/NAT, to be sure) that I want to log in to from my desktop. I've been using the same ssh1 implementation moussh replaced as my primary remote-login tool, but (a) I'd like to use a moussh client so that it can share things like keys files and agent access, and (b) making ssh1 compat available in moussh for others in similar situations is something I've been wanting to do for a year or two now. I hardly want to encourage ssh1 use, certainly. I've been unsure just how strongly I want to discourage it; I can imagine a whole spectrum of possibilties, all the way from "don't distribute any ssh1 compat code" to "ship moussh with full automatic ssh1 fallback" - I'm currently tending towards a default of "compiled in but disabled unless a config-file switch is flipped". Another reason is curiosity: I have never learned the ssh1 protocol, and I would like to, even if only to be able to make more-informed judgements about its risks and thus suitability for a given environment. /~\ The ASCII Mouse \ / Ribbon Campaign X Against HTML mouse@rodents-montreal.org / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.