2006-02-05

SSH usage profiling

In the days of yore, there was telnet. And it was good. But it was also completely insecure (everything, passwords included, crossed the wire in the clear), so wise men devised SSH version 1. And it was better.

That was a long time ago. Nowadays, sane people strictly use SSH version 2. If you run an SSH server, you can configure it to accept version 1, version 2, or both. There are a huge number of servers out there that still accept both. I can't understand why.

It is my understanding that SSH compatibility is useful for legacy applications where SSHv1 is hardcoded into something, like a firmware device. But every server that accepts version 1 is still exposed to version 1's design flaws: its integrity check is a CRC-32 rather than a real MAC, which is exactly what the 1998 insertion attack exploited, and a compatibility-mode banner invites any client that can still fall back to negotiate the weaker protocol. Are there really that many SSHv1 devices out there that we can never upgrade? No.

Do me a favor and make sure that you're only using version 2. I'm going to go through all my servers and double-check right now. Here's a tip. If you telnet to port 22 of your SSH server, the first line it sends is its identification string. If you see "SSH-1.99-OpenSSH_4.3", you're running in compatibility mode: "1.99" is the value the SSH-2 spec (RFC 4253, section 5.1) reserves for a server that will talk to both version 1 and version 2 clients. If it says "SSH-2.0-OpenSSH_4.3", you're fine. The fix for OpenSSH is a one-liner: put "Protocol 2" in sshd_config, restart sshd, then telnet to port 22 again to confirm the banner changed. While you're at it, put "Protocol 2" in ssh_config too, so your clients never fall back to version 1 when a server (or someone sitting between you and the server, rewriting the banner) offers it.
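Here is the telnet trick turned into a script, added as an example for this post (it is not code from the original post or from OpenSSH). It reads a server's identification string, classifies it the way the paragraph above does, and also audits an sshd_config for the Protocol directive. The banner grammar is from RFC 4253 section 4.2; the sample banners and the sample sshd_config below are constructed for the demo, and the host name you pass on the command line is whatever you want to check.

```python
"""Audit SSH servers for protocol-1 support: by banner, and by sshd_config."""
import re
import socket

# Identification string grammar, RFC 4253 section 4.2:
#   SSH-protoversion-softwareversion SP comments CR LF
BANNER_RE = re.compile(
    r"^SSH-(?P<proto>[0-9.]+)-(?P<software>[^ \r\n]+)(?: (?P<comments>[^\r\n]*))?\r?\n?$"
)

# Constructed sample data for the offline demo (not captured from real hosts).
SAMPLE_BANNERS = [
    "SSH-1.99-OpenSSH_4.3\r\n",               # compatibility mode: v1 and v2
    "SSH-2.0-OpenSSH_4.3\r\n",                # v2 only, what you want
    "SSH-2.0-OpenSSH_7.4 Debian-10+deb9u7\r\n",  # comments field after a space
    "SSH-1.5-OpenSSH_2.9p2\n",                # v1 only
    "220 mail.example.org ESMTP\r\n",         # not an SSH server at all
]
SAMPLE_SSHD_CONFIG = "# constructed sshd_config\nPort 22\nProtocol 2,1\nProtocol 2\n"


def classify_banner(banner):
    """Map a server identification line to what it advertises.

    '2.0'  -> 'v2-only'
    '1.99' -> 'compat'   (RFC 4253 5.1: server accepts both v1 and v2 clients)
    '1.x'  -> 'v1-only'
    else   -> 'unknown'  (malformed, or not an SSH banner)
    """
    m = BANNER_RE.match(banner)
    if not m:
        return "unknown"
    proto = m.group("proto")
    if proto == "2.0":
        return "v2-only"
    if proto == "1.99":
        return "compat"
    if proto.startswith("1."):
        return "v1-only"
    return "unknown"


def fetch_banner(host, port=22, timeout=5.0):
    """Connect and return the server's identification line (telnet to 22, scripted).

    RFC 4253 4.2 allows a server to send other lines before the SSH- line, so
    skip a bounded number of them. Socket errors propagate to the caller.
    """
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with sock.makefile("rb") as f:
            for _ in range(32):  # cap on pre-banner lines we are willing to read
                line = f.readline()
                if not line:
                    break
                text = line.decode("ascii", errors="replace")
                if text.startswith("SSH-"):
                    return text
    raise ConnectionError("no SSH identification line from %s:%d" % (host, port))


def protocol_setting(sshd_config_text):
    """Return the effective 'Protocol' value from sshd_config text, or None if unset.

    sshd_config(5): for each keyword the first obtained value is used, so stop at
    the first match. Keywords are case-insensitive. A '#' is treated as starting
    a comment wherever it appears, which is the conservative reading for an audit.
    """
    for raw in sshd_config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "protocol":
            return parts[1].strip()
    return None


def config_allows_v1(sshd_config_text):
    """True if the config enables protocol 1, or does not pin Protocol at all
    (the compiled-in default on OpenSSH of this era was '2,1', so unset is unsafe)."""
    value = protocol_setting(sshd_config_text)
    if value is None:
        return True
    return "1" in {v.strip() for v in value.split(",")}


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # live check: python3 ssh_v1_audit.py host [port]
        host = sys.argv[1]
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
        banner = fetch_banner(host, port)
        print("%s:%d %s -> %s" % (host, port, banner.strip(), classify_banner(banner)))
    else:  # offline demo on the constructed samples
        for b in SAMPLE_BANNERS:
            print("%-42s %s" % (b.strip(), classify_banner(b)))
        print("sshd_config allows v1:", config_allows_v1(SAMPLE_SSHD_CONFIG))
```

Run it with no arguments to see the classification of the constructed banners, or with a host name to check a real server. A "compat" result on a server you own means sshd_config needs "Protocol 2"; a "v1-only" result means the box is running something old enough that upgrading, not reconfiguring, is the answer.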

Update: I checked, and two of my internal-facing OpenBSD boxes were flashing SSH-1.99, probably because that's the default setup and I never bothered changing it. Just goes to show that even the best of us can let this thing slip. Learn from my mistakes and beef up your box.
