Date: Fri, 1 Sep 2000 21:22:55 -0700 (PDT)
From: Kris Kennaway
To: arch@freebsd.org
Subject: Enabling sshd by default

What say you all to the following patch:

Index: crypto/openssh/sshd_config =================================================================== RCS file: /home/ncvs/src/crypto/openssh/sshd_config,v retrieving revision 1.11 diff -u -r1.11 sshd_config --- crypto/openssh/sshd_config 2000/09/02 03:49:22 1.11 +++ crypto/openssh/sshd_config 2000/09/02 04:14:33 @@ -4,9 +4,10 @@ Port 22 #Protocol 2,1 +Protocol 2 #ListenAddress 0.0.0.0 #ListenAddress :: -HostKey /etc/ssh/ssh_host_key +#HostKey /etc/ssh/ssh_host_key HostDsaKey /etc/ssh/ssh_host_dsa_key ServerKeyBits 768 LoginGraceTime 120 Index: etc/defaults/rc.conf =================================================================== RCS file: /home/ncvs/src/etc/defaults/rc.conf,v retrieving revision 1.77 diff -u -r1.77 rc.conf --- etc/defaults/rc.conf 2000/08/18 09:37:50 1.77 +++ etc/defaults/rc.conf 2000/09/02 04:14:33 
@@ -134,7 +134,7 @@ pppoed_provider="*" # Provider and ppp(8) config file entry. pppoed_flags="-P /var/run/pppoed.pid" # Flags to pppoed (if enabled). pppoed_interface="fxp0" # The interface that pppoed runs on. -sshd_enable="NO" # Enable sshd +sshd_enable="YES" # Enable sshd sshd_program="/usr/sbin/sshd" # path to sshd, if you want a different one. sshd_flags="" # Additional flags for sshd.

When version 1 mode is disabled, sshd doesn't require any RSA support, and it will happily work out of the box without configuration. sshd_enable checks for the existence of the binary before running it, so this will work fine even if you don't have crypto or OpenSSH installed.

If I commit the above, my plan is to add back v1 to the default on Sept 21 along with the change to build RSA for everyone and remove the vestiges of librsaUSA. If we go ahead with the plans to release a net-only 4.1.5-RELEASE around that date they'll also go in there.

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe
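Review bot: In the crypto/openssh/sshd_config hunk, `ServerKeyBits 768` is left active although `Protocol 2` is now forced and `HostKey /etc/ssh/ssh_host_key` is commented out. ServerKeyBits only applies to the protocol 1 server key, so with this change it is dead configuration that suggests v1 is still in use. Either comment it out together with HostKey, or add a short comment above `Protocol 2` saying that v1 is disabled for now and that Protocol, HostKey and ServerKeyBits have to be restored together. The message plans to bring v1 back on Sept 21, and without such a comment the three lines can easily get out of step when that happens.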
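Review bot: The etc/defaults/rc.conf hunk turns `sshd_enable` to "YES", but nothing visible in the patch creates /etc/ssh/ssh_host_dsa_key, which the sshd_config hunk keeps as the only active host key (`HostDsaKey`). Please confirm, or show in the patch, that the startup path generates the DSA host key when it is missing; the message says sshd works without configuration, and that depends on this step. Also, with `sshd_flags=""` and both `#ListenAddress` lines still commented out, every default install will now accept connections on port 22 on all addresses, so the `# Enable sshd` comment should say that this is on by default and that `sshd_enable="NO"` in /etc/rc.conf turns it off.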