Date: Wed, 10 Apr 2002 17:57:13 +1000
From: Joshua Goodall <joshua@roughtrade.net>
To: Brian Somers <brian@freebsd-services.com>
Cc: David O'Brien <obrien@FreeBSD.org>, Bosko Milekic <bmilekic@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/bin Makefile src/share/examples/etc make.conf src/usr.bin Makefile
Message-ID: <20020410075713.GA13260@roughtrade.net>
In-Reply-To: <200204100318.g3A3IXOF013706@hak.lan.Awfulhak.org>
References: <20020410025230.GA8927@roughtrade.net> <200204100318.g3A3IXOF013706@hak.lan.Awfulhak.org>
On Wed, Apr 10, 2002 at 04:18:33AM +0100, Brian Somers wrote:
> > I don't know how standard the practise is, but part of my standard
> > server-hardening procedure is to remove the rsh/rcp tools. I don't
> > allow my users to even think about risking their use: they have
> > been fully superseded in functionality in every way by ssh. I would
> [.....]
>
> I think ssh needs a ``-c none'' option before it can claim to have
> superseded rsh. Until then, ssh isn't the right tool to transfer
> across a fast, trusted network.

You won't be surprised to learn that it's there, and off by default.
This turns it on, for protocol v1 at any rate:

diff -u -r1.2.2.4 cipher.c --- crypto/openssh/cipher.c 28 Sep 2001 01:33:33 -0000 1.2.2.4 +++ crypto/openssh/cipher.c 10 Apr 2002 07:25:23 -0000 @@ -425,6 +425,7 @@ cipher_mask_ssh1(int client) { u_int mask = 0; + mask |= 1 << SSH_CIPHER_NONE; mask |= 1 << SSH_CIPHER_3DES; /* Mandatory */ mask |= 1 << SSH_CIPHER_BLOWFISH; if (client) {

That's an argument for something. I'm not sure what ;)

J

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
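
Review bot: the added `mask |= 1 << SSH_CIPHER_NONE;` sits at the top of cipher_mask_ssh1(), ahead of the `if (client)` branch, so the none cipher is set in the mask regardless of the value of `client` rather than only for a side that explicitly asked for it. With the none cipher a protocol 1 session is not encrypted, and that covers any authentication data sent over it, so this should not be enabled unconditionally: put the line behind a build-time or configuration switch that stays off unless the administrator sets it, and give it a comment in the style of the `/* Mandatory */` note on 3DES stating why it is there and that it removes confidentiality.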