Date: Fri, 01 Sep 2000 23:08:41 -0600
From: Wes Peters <wes@softweyr.com>
To: Kris Kennaway <kris@FreeBSD.org>
Cc: arch@freebsd.org
Subject: Re: Enabling sshd by default
Message-ID: <39B08B59.1F00D9FA@softweyr.com>
References: <Pine.BSF.4.21.0009012116200.76245-100000@freefall.freebsd.org>

Kris Kennaway wrote:
> 
> What say you all to the following patch:
> 
> Index: crypto/openssh/sshd_config
> ===================================================================
> RCS file: /home/ncvs/src/crypto/openssh/sshd_config,v
> retrieving revision 1.11
> diff -u -r1.11 sshd_config
> --- crypto/openssh/sshd_config  2000/09/02 03:49:22     1.11
> +++ crypto/openssh/sshd_config  2000/09/02 04:14:33
> @@ -4,9 +4,10 @@
> 
>  Port 22
>  #Protocol 2,1
> +Protocol 2
>  #ListenAddress 0.0.0.0
>  #ListenAddress ::
> -HostKey /etc/ssh/ssh_host_key
> +#HostKey /etc/ssh/ssh_host_key
>  HostDsaKey /etc/ssh/ssh_host_dsa_key
>  ServerKeyBits 768
>  LoginGraceTime 120
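
Review bot: the new `Protocol 2` line and the commented-out `#HostKey /etc/ssh/ssh_host_key` depend on each other, but nothing in the file says so. The accompanying message plans to add v1 back later, and anyone who does that by editing only the `Protocol` line is left without an active v1 host key entry. A one-line comment above `#HostKey` stating that it is needed only when protocol 1 is enabled would document the coupling. `ServerKeyBits 768` stays active in the context although it applies only to the protocol 1 server key; consider treating it the same way for consistency.
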
> Index: etc/defaults/rc.conf
> ===================================================================
> RCS file: /home/ncvs/src/etc/defaults/rc.conf,v
> retrieving revision 1.77
> diff -u -r1.77 rc.conf
> --- etc/defaults/rc.conf        2000/08/18 09:37:50     1.77
> +++ etc/defaults/rc.conf        2000/09/02 04:14:33
> @@ -134,7 +134,7 @@
>  pppoed_provider="*"            # Provider and ppp(8) config file entry.
>  pppoed_flags="-P /var/run/pppoed.pid"  # Flags to pppoed (if enabled).
>  pppoed_interface="fxp0"                # The interface that pppoed runs on.
> -sshd_enable="NO"                # Enable sshd
> +sshd_enable="YES"               # Enable sshd
>  sshd_program="/usr/sbin/sshd"  # path to sshd, if you want a different one.
>  sshd_flags=""                   # Additional flags for sshd.
> 
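
Review bot: the flipped default at `sshd_enable="YES"` keeps the old comment `# Enable sshd`, which does not tell an administrator that the daemon now starts unless they turn it off. Because this is etc/defaults/rc.conf, every system that does not set sshd_enable itself picks up the new value, and with `sshd_flags=""` here and both `#ListenAddress` lines commented in the sshd_config hunk, nothing narrows which addresses it listens on. Suggest rewording the comment to show the alternative, for example `# Enable sshd (or NO).`, and recording the default change where people upgrading will see it.
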
> When version 1 mode is disabled, sshd doesn't require any RSA support, and
> it will happily work out of the box without configuration. sshd_enable
> checks for the existence of the binary before running it, so this will
> work fine even if you don't have crypto or OpenSSH installed.
> 
> If I commit the above, my plan is to add back v1 to the default on Sept 21
> along with the change to build RSA for everyone and remove the vestiges of
> librsaUSA. If we go ahead with the plans to release a net-only
> 4.1.5-RELEASE around that date they'll also go in there.
Sounds good to me.  Is anyone else planning on RSA-free-day parties?
-- 
            "Where am I, and what am I doing in this handbasket?"
Wes Peters                                                         Softweyr LLC
wes@softweyr.com                                           http://softweyr.com/
