Date: Wed, 01 Jun 2016 21:47:32 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 209948] security/openssh-portable missing rc.conf options to prevent to generate keys at startup.
Message-ID: <bug-209948-13@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209948

            Bug ID: 209948
           Summary: security/openssh-portable missing rc.conf options to prevent to generate keys at startup.
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: bdrewery@FreeBSD.org
          Reporter: services@lordgordon.com
             Flags: maintainer-feedback?(bdrewery@FreeBSD.org)

The base OpenSSH rc.d script has a nice undocumented set of options that easily allow disabling the automatic creation of undesired, and possibly outdated, keys. Those options are:

sshd_rsa1_enable, sshd_rsa_enable, sshd_dsa_enable, sshd_ecdsa_enable, sshd_ed25519_enable

Reference: https://svnweb.freebsd.org/base/release/10.3.0/etc/rc.d/sshd?view=markup

Is it possible to port those options to openssh-portable too? I think they are useful to avoid useless files and to increase the clarity of the overall configuration of a system.

For information, a simple workaround I found is to pre-create the empty files for the keys I don't want to be created. This works thanks to bug #202792.

As a final remark, the above-mentioned options are quite undocumented in the system (not in the man pages). It would be nice to document them.

Thanks for your support.

Best Regards,
Nicholas