Date: Sat, 2 Sep 2000 01:49:52 -0400 (EDT) From: Robert Watson <rwatson@FreeBSD.org> To: Kris Kennaway <kris@FreeBSD.org> Cc: arch@FreeBSD.org Subject: Re: Enabling sshd by default Message-ID: <Pine.NEB.3.96L.1000902014843.38524L-100000@fledge.watson.org> In-Reply-To: <Pine.BSF.4.21.0009012116200.76245-100000@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hmm. Trouble is, it will disable ssh1 in existing installations, where it is widely deployed and may result in unhapiness. I'd rather we just waited until Sept 21 and did this, and not turn off protocol 1 by default just yet. Especially given that just this morning I ran into protocol 2 compatibility problems (that I haven't had a chance to track down, but it's irritating at best) Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services On Fri, 1 Sep 2000, Kris Kennaway wrote: > What say you all to the following patch: > > Index: crypto/openssh/sshd_config > =================================================================== > RCS file: /home/ncvs/src/crypto/openssh/sshd_config,v > retrieving revision 1.11 > diff -u -r1.11 sshd_config > --- crypto/openssh/sshd_config 2000/09/02 03:49:22 1.11 > +++ crypto/openssh/sshd_config 2000/09/02 04:14:33 > @@ -4,9 +4,10 @@ > > Port 22 > #Protocol 2,1 > +Protocol 2 > #ListenAddress 0.0.0.0 > #ListenAddress :: > -HostKey /etc/ssh/ssh_host_key > +#HostKey /etc/ssh/ssh_host_key > HostDsaKey /etc/ssh/ssh_host_dsa_key > ServerKeyBits 768 > LoginGraceTime 120 > Index: etc/defaults/rc.conf > =================================================================== > RCS file: /home/ncvs/src/etc/defaults/rc.conf,v > retrieving revision 1.77 > diff -u -r1.77 rc.conf > --- etc/defaults/rc.conf 2000/08/18 09:37:50 1.77 > +++ etc/defaults/rc.conf 2000/09/02 04:14:33 > @@ -134,7 +134,7 @@ > pppoed_provider="*" # Provider and ppp(8) config file entry. > pppoed_flags="-P /var/run/pppoed.pid" # Flags to pppoed (if enabled). > pppoed_interface="fxp0" # The interface that pppoed runs on. > -sshd_enable="NO" # Enable sshd > +sshd_enable="YES" # Enable sshd > sshd_program="/usr/sbin/sshd" # path to sshd, if you want a different one. > sshd_flags="" # Additional flags for sshd. > > When version 1 mode is disabled, sshd doesn't require any RSA support, and > it will happily work out of the box without configuration. sshd_enable > checks for the existence of the binary before running it, so this will > work fine even if you don't have crypto or OpenSSH installed. > > If I commit the above, my plan is to add back v1 to the default on Sept 21 > along with the change to build RSA for everyone and remove the vestiges of > librsaUSA. If we go ahead with the plans to release a net-only > 4.1.5-RELEASE around that date they'll also go in there. > > Kris > > -- > In God we Trust -- all others must submit an X.509 certificate. > -- Charles Forsythe <forsythe@alum.mit.edu> > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-arch" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1000902014843.38524L-100000>