Merge SSH-2-only default from 'pre-0.64'.

doc/config.but

@@ -2268,16 +2268,27 @@ make the most of a low-\i{bandwidth} connection.
 
 \cfg{winhelp-topic}{ssh.protocol}
 
-This allows you to select whether you would like to use \i{SSH protocol
+This allows you to select whether you would prefer to use \i{SSH protocol
-version 1} or \I{SSH-2}version 2. \#{FIXME: say something about this elsewhere?}
+version 1} or \I{SSH-2}version 2, and whether to permit falling back
+to the other version.
 
-PuTTY will attempt to use protocol 1 if the server you connect to
+With the settings \q{1} and \q{2}, PuTTY will attempt to use protocol 1
-does not offer protocol 2, and vice versa.
+if the server you connect to does not offer protocol 2, and vice versa.
 
 If you select \q{1 only} or \q{2 only} here, PuTTY will only connect
 if the server you connect to offers the SSH protocol version you
 have specified.
 
+You should normally leave this at the default, \q{2 only}. The older
+SSH-1 protocol is no longer developed, has many known cryptographic
+weaknesses, and is generally not considered to be secure. If you
+permit use of SSH-1 by selecting \q{2} instead of \q{2 only}, an
+active attacker can force downgrade to SSH-1 even if the server
+you're connecting to supports SSH-2.
+
+PuTTY's protocol 1 implementation is provided mainly for
+compatibility, and is no longer being enhanced.
+
 \S{config-ssh-sharing} Sharing an SSH connection between PuTTY tools
 
 \cfg{winhelp-topic}{ssh.sharing}

doc/faq.but

@@ -63,6 +63,9 @@ files into PuTTY's format.
 
 Yes. SSH-1 support has always been available in PuTTY.
 
+However, the SSH-1 protocol has many weaknesses and is no longer
+considered secure; it should be avoided if at all possible.
+
 \S{faq-localecho}{Question} Does PuTTY support \i{local echo}?
 
 Yes. Version 0.52 has proper support for local echo.

settings.c

@@ -781,7 +781,8 @@ void load_open_settings(void *sesskey, Conf *conf)
     }
     gppi(sesskey, "RekeyTime", 60, conf, CONF_ssh_rekey_time);
     gpps(sesskey, "RekeyBytes", "1G", conf, CONF_ssh_rekey_data);
-    gppi(sesskey, "SshProt", 2, conf, CONF_sshprot);
+    /* SSH-2 only by default */
+    gppi(sesskey, "SshProt", 3, conf, CONF_sshprot);
     gpps(sesskey, "LogHost", "", conf, CONF_loghost);
     gppi(sesskey, "SSH2DES", 0, conf, CONF_ssh2_des_cbc);
     gppi(sesskey, "SshNoAuth", 0, conf, CONF_ssh_no_userauth);

ssh.c

@@ -2966,11 +2966,13 @@ static int do_ssh_init(Ssh ssh, unsigned char c)
     s->proto2 = ssh_versioncmp(s->version, "1.99") >= 0;
 
     if (conf_get_int(ssh->conf, CONF_sshprot) == 0 && !s->proto1) {
-	bombout(("SSH protocol version 1 required by user but not provided by server"));
+	bombout(("SSH protocol version 1 required by configuration but "
+		 "not provided by server"));
 	crStop(0);
     }
     if (conf_get_int(ssh->conf, CONF_sshprot) == 3 && !s->proto2) {
-	bombout(("SSH protocol version 2 required by user but not provided by server"));
+	bombout(("SSH protocol version 2 required by configuration but "
+		 "not provided by server"));
 	crStop(0);
     }