Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 1 Sep 2000 21:22:55 -0700 (PDT)
From:      Kris Kennaway <kris@FreeBSD.org>
To:        arch@freebsd.org
Subject:   Enabling sshd by default
Message-ID:  <Pine.BSF.4.21.0009012116200.76245-100000@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 
What say you all to the following patch:

Index: crypto/openssh/sshd_config
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/sshd_config,v
retrieving revision 1.11
diff -u -r1.11 sshd_config
--- crypto/openssh/sshd_config	2000/09/02 03:49:22	1.11
+++ crypto/openssh/sshd_config	2000/09/02 04:14:33
@@ -4,9 +4,10 @@
 
 Port 22
 #Protocol 2,1
+Protocol 2
 #ListenAddress 0.0.0.0
 #ListenAddress ::
-HostKey /etc/ssh/ssh_host_key
+#HostKey /etc/ssh/ssh_host_key
 HostDsaKey /etc/ssh/ssh_host_dsa_key
 ServerKeyBits 768
 LoginGraceTime 120
Index: etc/defaults/rc.conf
===================================================================
RCS file: /home/ncvs/src/etc/defaults/rc.conf,v
retrieving revision 1.77
diff -u -r1.77 rc.conf
--- etc/defaults/rc.conf	2000/08/18 09:37:50	1.77
+++ etc/defaults/rc.conf	2000/09/02 04:14:33
@@ -134,7 +134,7 @@
 pppoed_provider="*"		# Provider and ppp(8) config file entry.
 pppoed_flags="-P /var/run/pppoed.pid"	# Flags to pppoed (if enabled).
 pppoed_interface="fxp0"		# The interface that pppoed runs on.
-sshd_enable="NO"                # Enable sshd
+sshd_enable="YES"               # Enable sshd
 sshd_program="/usr/sbin/sshd"	# path to sshd, if you want a different one.
 sshd_flags=""                   # Additional flags for sshd.
 
When version 1 mode is disabled, sshd doesn't require any RSA support, and
it will happily work out of the box without configuration. sshd_enable
checks for the existence of the binary before running it, so this will
work fine even if you don't have crypto or OpenSSH installed.

If I commit the above, my plan is to add back v1 to the default on Sept 21
along with the change to build RSA for everyone and remove the vestiges of
librsaUSA. If we go ahead with the plans to release a net-only
4.1.5-RELEASE around that date they'll also go in there.

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0009012116200.76245-100000>