From owner-freebsd-arch Mon Jun 26 12:42:36 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP id AEA1337B75F;
	Mon, 26 Jun 2000 12:42:33 -0700 (PDT)
	(envelope-from kris@FreeBSD.org)
Received: from localhost (kris@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id MAA98767;
	Mon, 26 Jun 2000 12:42:33 -0700 (PDT)
	(envelope-from kris@FreeBSD.org)
X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs
Date: Mon, 26 Jun 2000 12:42:33 -0700 (PDT)
From: Kris Kennaway
To: "Jordan K. Hubbard"
Cc: obrien@FreeBSD.ORG, Adrian Chadd, arch@FreeBSD.ORG
Subject: Re: Disabling inetd?
In-Reply-To: <3874.962047433@localhost>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Mon, 26 Jun 2000, Jordan K. Hubbard wrote:

> > But this should not be an issue, now that our OpenSSH also does the
> > version 2 protocol. The v2 protocol does not require RSA at all. We
> > should be able to export all the DH/DSA bits on the CDROM that we need
> > for v2 to just work out of the box.
>
> I did not know this. So, which "we" were you referring to in your
> last sentence? Sounded more like an "I, David O'Brien" to me. :-)

Actually I just checked (sorry for giving incorrect advice before, david :)
and sshd quite won't run out of the box with the default config file
because it tries to initialise the RSA server key for protocol 1, which
will fail to bind the RSA stubs and exit.

Solutions are:

1) Put "Protocol 2" in the config file if RSA libraries are not installed,
   to force SSH2 mode which only uses DSA

2) Fix the sshd code to not exit if RSA can't be found and just fall back
   to SSH2 mode (probably better)

Other than that, sshd will work by default on all new systems.

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe
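
A check for solution 1 above, as an added example that is not part of the original message or of the FreeBSD/OpenSSH sources: it reports whether an sshd config file still enables protocol 1 and would therefore need the RSA server key. The function names, the sample file and the fallback value "2,1" used when no Protocol line is present are assumptions; the message only says the default config tries protocol 1.

```shell
#!/bin/sh
# Added example: decide from an sshd config file whether protocol 1
# (and with it the RSA server key) is enabled.

# effective_protocol FILE [DEFAULT]
# Prints the value of the first active "Protocol" line in FILE. sshd uses
# the first value it obtains for a keyword, so later lines are ignored.
# DEFAULT (assumed "2,1", not taken from the page) is printed when the
# file has no active Protocol line.
effective_protocol() {
    file=$1
    default=${2:-2,1}
    value=$(awk '
        $1 ~ /^#/ { next }              # commented-out directives do not count
        tolower($1) == "protocol" {     # keywords are case-insensitive
            print $2
            exit                        # first occurrence wins
        }' "$file")
    printf '%s\n' "${value:-$default}"
}

# needs_rsa FILE [DEFAULT]
# Returns 0 when protocol 1 is in the effective list (RSA key required),
# 1 when only protocol 2 (DSA) is enabled.
needs_rsa() {
    case ",$(effective_protocol "$@")," in
        *,1,*) return 0 ;;
        *)     return 1 ;;
    esac
}

# Demo on a constructed config file (not copied from any real system).
demo=$(mktemp)
printf '%s\n' '# constructed sample' 'Port 22' '#Protocol 2,1' 'Protocol 2' > "$demo"
if needs_rsa "$demo"; then
    echo "protocol 1 enabled: sshd will try to set up the RSA server key"
else
    echo "protocol 2 only: DSA host key is sufficient"
fi
rm -f "$demo"
```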