Date: Wed, 10 Apr 2002 17:57:13 +1000
From: Joshua Goodall <joshua@roughtrade.net>
To: Brian Somers <brian@freebsd-services.com>
Cc: David O'Brien <obrien@FreeBSD.org>, Bosko Milekic <bmilekic@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/bin Makefile src/share/examples/etc make.conf src/usr.bin Makefile
Message-ID: <20020410075713.GA13260@roughtrade.net>
In-Reply-To: <200204100318.g3A3IXOF013706@hak.lan.Awfulhak.org>
References: <20020410025230.GA8927@roughtrade.net> <200204100318.g3A3IXOF013706@hak.lan.Awfulhak.org>
On Wed, Apr 10, 2002 at 04:18:33AM +0100, Brian Somers wrote:
> > I don't know how standard the practice is, but part of my standard
> > server-hardening procedure is to remove the rsh/rcp tools. I don't
> > allow my users to even think about risking their use: they have
> > been fully superseded in functionality in every way by ssh. I would
> [.....]
>
> I think ssh needs a ``-c none'' option before it can claim to have
> superseded rsh. Until then, ssh isn't the right tool to transfer
> across a fast, trusted network.
You won't be surprised to learn that it's there, and off by default.
This turns it on, for protocol v1 at any rate:
diff -u -r1.2.2.4 cipher.c
--- crypto/openssh/cipher.c 28 Sep 2001 01:33:33 -0000 1.2.2.4
+++ crypto/openssh/cipher.c 10 Apr 2002 07:25:23 -0000
@@ -425,6 +425,7 @@
cipher_mask_ssh1(int client)
{
u_int mask = 0;
+ mask |= 1 << SSH_CIPHER_NONE;
mask |= 1 << SSH_CIPHER_3DES; /* Mandatory */
mask |= 1 << SSH_CIPHER_BLOWFISH;
if (client) {
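Review bot: the added `mask |= 1 << SSH_CIPHER_NONE;` sits above `if (client) {`, so it is set for both values of `client`, not only on the client side, and nothing in the hunk makes it conditional on a build or runtime setting. With the none cipher the SSH1 session, including password authentication, travels unencrypted, so any binary built with this includes it in the SSH1 cipher mask for client and server alike, on every network it is used on and not just the fast, trusted one. I'd put the line behind a compile-time option that defaults to off (or a configuration check), and give it a comment in the style of the `/* Mandatory */` on the 3DES line saying that it disables encryption.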
That's an argument for something. I'm not sure what ;)
J
