Date: Wed, 10 Apr 2002 17:57:13 +1000
From: Joshua Goodall
To: Brian Somers
Cc: David O'Brien, Bosko Milekic, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/bin Makefile src/share/examples/etc make.conf src/usr.bin Makefile
Message-ID: <20020410075713.GA13260@roughtrade.net>

On Wed, Apr 10, 2002 at 04:18:33AM +0100, Brian Somers wrote:
> > I don't know how standard the practise is, but part of my standard
> > server-hardening procedure is to remove the rsh/rcp tools. I don't
> > allow my users to even think about risking their use: they have
> > been fully superseded in functionality in every way by ssh. I would
> [.....]
>
> I think ssh needs a ``-c none'' option before it can claim to have
> superseded rsh. Until then, ssh isn't the right tool to transfer
> across a fast, trusted network.

You won't be surprised to learn that it's there, and off by default.
This turns it on, for protocol v1 at any rate:

diff -u -r1.2.2.4 cipher.c --- crypto/openssh/cipher.c 28 Sep 2001 01:33:33 -0000 1.2.2.4 +++ crypto/openssh/cipher.c 10 Apr 2002 07:25:23 -0000
@@ -425,6 +425,7 @@ cipher_mask_ssh1(int client) { u_int mask = 0; + mask |= 1 << SSH_CIPHER_NONE; mask |= 1 << SSH_CIPHER_3DES; /* Mandatory */ mask |= 1 << SSH_CIPHER_BLOWFISH; if (client) {

That's an argument for something. I'm not sure what ;)

J
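
Review bot: the added line mask |= 1 << SSH_CIPHER_NONE; sits at the top of cipher_mask_ssh1(), before the if (client) branch, so the none cipher goes into the supported mask unconditionally for both the client and the server side, with nothing in this hunk to keep it off by default. Suggest putting it behind a build-time or configuration switch that defaults to off, and giving it a comment in the style of the /* Mandatory */ on the 3DES line saying that it disables encryption for protocol 1 sessions.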