Date:      Sat, 2 Sep 2000 01:49:52 -0400 (EDT)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Kris Kennaway <kris@FreeBSD.org>
Cc:        arch@FreeBSD.org
Subject:   Re: Enabling sshd by default
Message-ID:  <Pine.NEB.3.96L.1000902014843.38524L-100000@fledge.watson.org>
In-Reply-To: <Pine.BSF.4.21.0009012116200.76245-100000@freefall.freebsd.org>


Hmm.  Trouble is, it will disable ssh1 in existing installations, where it
is widely deployed and may result in unhappiness.  I'd rather we just
waited until Sept 21 and did this, and not turn off protocol 1 by default
just yet.  Especially given that just this morning I ran into protocol 2
compatibility problems (that I haven't had a chance to track down, but
it's irritating at best).


  Robert N M Watson 

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37  ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services

On Fri, 1 Sep 2000, Kris Kennaway wrote:

> What say you all to the following patch:
> 
> Index: crypto/openssh/sshd_config
> ===================================================================
> RCS file: /home/ncvs/src/crypto/openssh/sshd_config,v
> retrieving revision 1.11
> diff -u -r1.11 sshd_config
> --- crypto/openssh/sshd_config	2000/09/02 03:49:22	1.11
> +++ crypto/openssh/sshd_config	2000/09/02 04:14:33
> @@ -4,9 +4,10 @@
>  
>  Port 22
>  #Protocol 2,1
> +Protocol 2
>  #ListenAddress 0.0.0.0
>  #ListenAddress ::
> -HostKey /etc/ssh/ssh_host_key
> +#HostKey /etc/ssh/ssh_host_key
>  HostDsaKey /etc/ssh/ssh_host_dsa_key
>  ServerKeyBits 768
>  LoginGraceTime 120
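
Review bot: Missing documentation on the two changed lines in sshd_config: the new `Protocol 2` sits directly under the still-commented `#Protocol 2,1`, and `HostKey` is commented out with no note saying why. An administrator who later wants protocol 1 back has to know that both lines must change together (restore `HostKey /etc/ssh/ssh_host_key` and list protocol 1 in `Protocol`). A short comment above `Protocol 2` stating that protocol 1 is disabled in this default and which lines re-enable it would prevent a half-reverted config. The unchanged context line `ServerKeyBits 768` is a protocol 1 server-key setting, so it deserves the same treatment as `HostKey` for consistency.
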
> Index: etc/defaults/rc.conf
> ===================================================================
> RCS file: /home/ncvs/src/etc/defaults/rc.conf,v
> retrieving revision 1.77
> diff -u -r1.77 rc.conf
> --- etc/defaults/rc.conf	2000/08/18 09:37:50	1.77
> +++ etc/defaults/rc.conf	2000/09/02 04:14:33
> @@ -134,7 +134,7 @@
>  pppoed_provider="*"		# Provider and ppp(8) config file entry.
>  pppoed_flags="-P /var/run/pppoed.pid"	# Flags to pppoed (if enabled).
>  pppoed_interface="fxp0"		# The interface that pppoed runs on.
> -sshd_enable="NO"                # Enable sshd
> +sshd_enable="YES"               # Enable sshd
>  sshd_program="/usr/sbin/sshd"	# path to sshd, if you want a different one.
>  sshd_flags=""                   # Additional flags for sshd.
>  
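
Review bot: The `sshd_enable="YES"` line changes the value in etc/defaults/rc.conf, so it applies to every host that never set `sshd_enable` itself, including existing installations that pick up the new defaults file on upgrade, and those hosts will start a listener on the `Port 22` from the sshd_config default. The inline comment still reads only `# Enable sshd`. Suggest having the comment say that sshd now starts by default and that `sshd_enable="NO"` in /etc/rc.conf turns it off, and calling out the changed default in the upgrade notes so operators of hosts that must not expose a remote-login service see it before rebooting.
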
> When version 1 mode is disabled, sshd doesn't require any RSA support, and
> it will happily work out of the box without configuration. sshd_enable
> checks for the existence of the binary before running it, so this will
> work fine even if you don't have crypto or OpenSSH installed.
> 
> If I commit the above, my plan is to add back v1 to the default on Sept 21
> along with the change to build RSA for everyone and remove the vestiges of
> librsaUSA. If we go ahead with the plans to release a net-only
> 4.1.5-RELEASE around that date they'll also go in there.
> 
> Kris
> 
> --
> In God we Trust -- all others must submit an X.509 certificate.
>     -- Charles Forsythe <forsythe@alum.mit.edu>
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-arch" in the body of the message
> 


