From owner-freebsd-arch Fri Sep 1 22: 1: 1 2000 Delivered-To: freebsd-arch@freebsd.org Received: from homer.softweyr.com (bsdconspiracy.net [208.187.122.220]) by hub.freebsd.org (Postfix) with ESMTP id 9532237B43C; Fri, 1 Sep 2000 22:00:58 -0700 (PDT) Received: from localhost ([127.0.0.1] helo=softweyr.com ident=Fools trust ident!) by homer.softweyr.com with esmtp (Exim 3.16 #1) id 13V5Xl-0000Br-00; Fri, 01 Sep 2000 23:08:41 -0600 Message-ID: <39B08B59.1F00D9FA@softweyr.com> Date: Fri, 01 Sep 2000 23:08:41 -0600 From: Wes Peters Organization: Softweyr LLC X-Mailer: Mozilla 4.75 [en] (X11; U; FreeBSD 4.1-RC i386) X-Accept-Language: en MIME-Version: 1.0 To: Kris Kennaway Cc: arch@freebsd.org Subject: Re: Enabling sshd by default References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Kris Kennaway wrote: > > What say you all to the following patch: > > Index: crypto/openssh/sshd_config > =================================================================== > RCS file: /home/ncvs/src/crypto/openssh/sshd_config,v > retrieving revision 1.11 > diff -u -r1.11 sshd_config > --- crypto/openssh/sshd_config 2000/09/02 03:49:22 1.11 > +++ crypto/openssh/sshd_config 2000/09/02 04:14:33 > @@ -4,9 +4,10 @@ > > Port 22 > #Protocol 2,1 > +Protocol 2 > #ListenAddress 0.0.0.0 > #ListenAddress :: > -HostKey /etc/ssh/ssh_host_key > +#HostKey /etc/ssh/ssh_host_key > HostDsaKey /etc/ssh/ssh_host_dsa_key > ServerKeyBits 768 > LoginGraceTime 120 > Index: etc/defaults/rc.conf > =================================================================== > RCS file: /home/ncvs/src/etc/defaults/rc.conf,v > retrieving revision 1.77 > diff -u -r1.77 rc.conf > --- etc/defaults/rc.conf 2000/08/18 09:37:50 1.77 > +++ etc/defaults/rc.conf 2000/09/02 04:14:33 
> @@ -134,7 +134,7 @@ > pppoed_provider="*" # Provider and ppp(8) config file entry. > pppoed_flags="-P /var/run/pppoed.pid" # Flags to pppoed (if enabled). > pppoed_interface="fxp0" # The interface that pppoed runs on. > -sshd_enable="NO" # Enable sshd > +sshd_enable="YES" # Enable sshd > sshd_program="/usr/sbin/sshd" # path to sshd, if you want a different one. > sshd_flags="" # Additional flags for sshd. > > When version 1 mode is disabled, sshd doesn't require any RSA support, and > it will happily work out of the box without configuration. sshd_enable > checks for the existence of the binary before running it, so this will > work fine even if you don't have crypto or OpenSSH installed. > > If I commit the above, my plan is to add back v1 to the default on Sept 21 > along with the change to build RSA for everyone and remove the vestiges of > librsaUSA. If we go ahead with the plans to release a net-only > 4.1.5-RELEASE around that date they'll also go in there. Sounds good to me. Is anyone else planning on RSA-free-day parties? -- "Where am I, and what am I doing in this handbasket?" Wes Peters Softweyr LLC wes@softweyr.com http://softweyr.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
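Review bot: In the sshd_config hunk, `Protocol 2` and the commented-out `#HostKey /etc/ssh/ssh_host_key` carry no note that they are a temporary pairing, although the message plans to add v1 back to the default on Sept 21. A one-line comment above `Protocol 2` saying that the `HostKey` line must be restored together with the `Protocol` change would keep the two from drifting apart, since re-enabling v1 without its host key line would leave the config inconsistent. The stock `#Protocol 2,1` line directly above already documents the intended end state, so the comment can simply point at it.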
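Review bot: In the rc.conf hunk, `sshd_enable="YES"` turns on a network listener for every default install, but nothing in the patch shows where `/etc/ssh/ssh_host_dsa_key` (the `HostDsaKey` path kept in sshd_config) gets created on a fresh system. The message says sshd works out of the box and that the binary's existence is checked before it runs; please point to, or add, the step that generates the DSA host key when it is missing, so the new default does not fail at first boot. The trailing comment `# Enable sshd` could also say that the service is now on by default and is turned off by setting it to NO, since an admin reading defaults/rc.conf would otherwise not notice the change.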