Bug 2519 - Obsolete SSHv1 config options
Summary: Obsolete SSHv1 config options
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh (show other bugs)
Version: 7.1p1
Hardware: Other Linux
: P5 enhancement
Assignee: Assigned to nobody
URL:
Keywords:
Depends on:
Blocks: V_7_6
  Show dependency treegraph
 
Reported: 2015-12-19 00:14 AEDT by Jakub Jelen
Modified: 2021-04-23 15:08 AEST (History)
2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jakub Jelen 2015-12-19 00:14:21 AEDT 
When building openssh without support for SSHv1 protocol, we should obsolete options that are effective only for this protocol. The manual pages are long, people tend to ignore the notes in manual pages (or manual pages overall) and are wondering "why it does not work" (for example Cipher option [1]). It applies for both client and server config options.

There are few ways how to do this, either put the whole options into #ifdef, or make them "oUnsupported". Or create some transition Obsolete warning that would not fail

The same end should be given to their description in manual pages, but it would require some pre-processing (not sure about the most clean way).

This is quite last missing piece of SSHv1 support in current release. I didn't find any place where it is tracked, except my last note in bug #2513. Also without patch, but I can create some, if you let me know that you are interested in such change.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1281705
Comment 1 Damien Miller 2016-07-08 14:50:03 AEST 
We'll take a look at these after the openssh-7.3 release when we start removing the SSHv1 code properly.
Comment 2 Damien Miller 2016-12-16 14:31:17 AEDT 
OpenSSH 7.4 release is closing; punt the bugs to 7.5
Comment 3 Damien Miller 2017-02-10 13:30:57 AEDT 
I've put the remaining options into #ifdef and generally tidied up SSHv1 options here:

commit 381a2615a154a82c4c53b787f4a564ef894fe9ac
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Mon Jan 30 00:38:50 2017 +0000

    upstream commit
    
    small cleanup post SSHv1 removal:
    
    remove SSHv1-isms in commented examples
    
    reorder token table to group deprecated and compile-time conditional tokens
    better
    
    fix config dumping code for some compile-time conditional options that
    weren't being correctly skipped (SSHv1 and PKCS#11)
    
    Upstream-ID: f2e96b3cb3158d857c5a91ad2e15925df3060105

That just leaves the manual bits.
Comment 4 Damien Miller 2017-06-30 13:43:10 AEST 
Move incomplete bugs to openssh-7.6 target since 7.5 shipped a while back.

To calibrate expectations, there's little chance all of these are going to make 7.6.
Comment 5 Damien Miller 2017-06-30 13:44:25 AEST 
remove 7.5 target
Comment 6 Darren Tucker 2017-06-30 14:51:11 AEST 
Now that the SSH1 code is gone I think this is resolved.  Certainly the one referred to in the upstream bug (Cipher) is gone.  If there are any that we missed we will happily delete them.
Comment 7 Damien Miller 2021-04-23 15:08:18 AEST 
closing resolved bugs as of 8.6p1 release