Date: Mon, 22 Jan 1996 17:14:24 +0800 (WST)
From: Peter Wemm <peter@jhome.DIALix.COM>
To: ports@freebsd.org
Subject: ssh /etc config files location..
Message-ID: <Pine.BSF.3.91.960122165925.395E-100000@jhome.DIALix.COM>

Hi all...

I am still somewhat disturbed with the location of some rather critical "per site" info from ssh in /usr/local/etc.. Specifically the ssh host secret keys, and the per-site config files.

This is (IMHO) rather dangerous. If you NFS mount /usr/local, this will screw you rather badly.

There are precedents against this too.. gated keeps its config files in /etc.

In my email exchanges with the SSH authors, they expressed surprise and then concern about FreeBSD doing this.. (I offered the make-known-hosts patch back to them).

The make-known-hosts.pl patch is wrong, because it needs to get the /etc/ssh_host_key.pub from all hosts, not just FreeBSD ones. The original version works because /etc is architecture independent, and the one thing that all Unix hosts have in common.

Things like the mailcap file are fine to be there in /usr/local/etc, IMHO. "Vital" per-host security-sensitive stuff should not be.

I'd like to undo the patches that do this... Does anybody want to try and convince me otherwise? :-)

Cheers,
-Peter

PS: IMHO, it was a mistake adding the BUILD_DEPENDS in wish and perl5. It builds fine without them. It seems silly to require X11 to be installed in order to build the port..
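Added example, not part of the original message or of the ssh port: a Python check for the concern raised above, reporting host key files whose covering mount point is a network filesystem. The mount table, the key paths, the `fileserver` name and the `NETWORK_FS` set are constructed assumptions, and paths are assumed to be already resolved (no symlinks).

```python
import re

# Filesystem types treated as shared/network mounts (assumption for this example).
NETWORK_FS = {"nfs", "nfs4", "smbfs", "cifs", "afs"}

# BSD-style `mount` output: "<source> on <mountpoint> (<type>, <options>...)"
MOUNT_RE = re.compile(r"^(?P<src>\S+) on (?P<mnt>\S+) \((?P<type>[^,)]+)")

# Constructed sample: /usr/local is NFS-mounted, / and /usr are local disks.
SAMPLE_MOUNT = """\
/dev/sd0a on / (ufs, local)
/dev/sd0e on /usr (ufs, local)
fileserver:/export/local on /usr/local (nfs)
"""

# Constructed key locations: one under /etc, one under /usr/local/etc.
SAMPLE_KEYS = ["/etc/ssh_host_key", "/usr/local/etc/ssh_host_key"]


def parse_mounts(text):
    """Return (mountpoint, fstype, source) for each parsable mount line."""
    mounts = []
    for line in text.splitlines():
        m = MOUNT_RE.match(line.strip())
        if m:
            mounts.append((m["mnt"], m["type"].strip(), m["src"]))
    return mounts


def covering_mount(path, mounts):
    """Pick the longest mount point that is a whole-component prefix of path."""
    best = None
    for mnt, fstype, src in mounts:
        prefix = mnt.rstrip("/") + "/"  # "/" stays "/", "/usr" becomes "/usr/"
        if path == mnt or path.startswith(prefix):
            if best is None or len(mnt) > len(best[0]):
                best = (mnt, fstype, src)
    return best


def keys_on_shared_mounts(key_paths, mount_text):
    """List (key path, mount point, source) for keys living on a network mount."""
    mounts = parse_mounts(mount_text)
    findings = []
    for path in key_paths:
        hit = covering_mount(path, mounts)
        if hit and hit[1] in NETWORK_FS:
            findings.append((path, hit[0], hit[2]))
    return findings
```

On a real host, feed it the output of `mount` and the host key paths your sshd is configured to use.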