Date:      Mon, 26 Jun 2000 12:42:33 -0700 (PDT)
From:      Kris Kennaway <kris@FreeBSD.org>
To:        "Jordan K. Hubbard" <jkh@zippy.osd.bsdi.com>
Cc:        obrien@FreeBSD.ORG, Adrian Chadd <adrian@FreeBSD.ORG>, arch@FreeBSD.ORG
Subject:   Re: Disabling inetd? 
Message-ID:  <Pine.BSF.4.21.0006261234150.95506-100000@freefall.freebsd.org>
In-Reply-To: <3874.962047433@localhost>

On Mon, 26 Jun 2000, Jordan K. Hubbard wrote:

> > But this should not be an issue, now that our OpenSSH also does the
> > version 2 protocol.  The v2 protocol does not require RSA at all.  We
> > should be able to export all the DH/DSA bits on the CDROM that we need
> > for v2 to just work out of the box.
> 
> I did not know this.  So, which "we" were you referring to in your
> last sentence?  Sounded more like an "I, David O'Brien" to me. :-)

Actually I just checked (sorry for giving incorrect advice before, David
:) and sshd won't quite run out of the box with the default config file
because it tries to initialise the RSA server key for protocol 1, which
will fail to bind the RSA stubs and exit.

Solutions are:

1) Put "Protocol 2" in the config file if RSA libraries are not installed,
to force SSH2 mode which only uses DSA

2) Fix the sshd code to not exit if RSA can't be found and just fall back
to SSH2 mode (probably better)

Other than that, sshd will work by default on all new systems.

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>


