From owner-freebsd-security Mon Jan 22 09:49:30 1996
Return-Path: owner-security
Received: (from root@localhost)
    by freefall.freebsd.org (8.7.3/8.7.3) id JAA01100
    for security-outgoing; Mon, 22 Jan 1996 09:49:30 -0800 (PST)
Received: from rocky.sri.MT.net (rocky.sri.MT.net [204.182.243.10])
    by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id JAA01092
    for ; Mon, 22 Jan 1996 09:49:27 -0800 (PST)
Received: (from nate@localhost)
    by rocky.sri.MT.net (8.6.12/8.6.12) id KAA22368;
    Mon, 22 Jan 1996 10:50:21 -0700
Date: Mon, 22 Jan 1996 10:50:21 -0700
From: Nate Williams
Message-Id: <199601221750.KAA22368@rocky.sri.MT.net>
To: Paul Richards
Cc: security@FreeBSD.org
Subject: Re: ssh /etc config files location..
In-Reply-To: <199601221704.RAA09129@cadair.elsevier.co.uk>
References: <199601221615.JAA21985@rocky.sri.MT.net> <199601221704.RAA09129@cadair.elsevier.co.uk>
Sender: owner-security@FreeBSD.org
Precedence: bulk

> The fact that the ssh files are *host specific* is a far more important
> consideration. They should therefore be in a *genuinely* local part
> of the filesystem.

That's what I was trying to say. Basically, the ssh config files (most
notably the keys) are host-specific, so they must exist in a
host-specific portion of the disk.

> > > I disagree with proposed solution (moving configs only to /etc).
> >
> > I agree.
>
> I disagree with /etc. These are not configuration files, they are
> runtime modifiable files and should go in /var.

Huh? They are most certainly configuration files. The public/private
keys as well as ssh_config and sshd_config are not (any more so than any
other config file) runtime modifiable once they are initially installed,
and once they are installed (as with any configuration file) they
shouldn't be touched, unlike the files in /var/run.

Now, sshd.pid is a file that should get stuck in /var/run, but I think
we'd all agree on that move.

Nate