Date: Fri, 07 Aug 2015 08:32:57 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 202153] [PATCH] set ssh-keygen flags in rc.conf for rc.d/sshd
Message-ID: <bug-202153-8-ZUgVWxzSsg@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-202153-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-202153-8@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202153

milios@ccsys.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |milios@ccsys.com

--- Comment #2 from milios@ccsys.com ---
The current variable names as they sit could be considered a security vulnerability since $sshd_rsa1_enable and $sshd_dsa_enable sure sound like they control use of RSA1 and DSA in sshd but actually they do not and setting any such variables to "NO" or "-b 4096" will not have the expected result if sshd was once ever run before. I think it's important we deprecate those names in favor of clearer ones and add quality description to defaults/rc.conf.

Heck, committer, maybe even go ahead and throw a blank line before and after that block of sshd_ lines please since it's now 13 lines instead of 3.

Thanks greatly for your time and consideration. Let me know if I should add a patch for man rc.conf(5) as well and I will go figure out how to work the mandoc or nroff or troff or whatever. I am hoping perhaps someone can lead me by copying my comments in this new defaults/rc.conf into man rc.conf(5) as well or tell me how that's done neatly.

--
You are receiving this mail because:
You are the assignee for the bug.
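
A check for the situation the comment describes, as an added example that is not part of the original message or of FreeBSD's rc.d/sshd: it reports the two variables named above when they are set to NO in rc.conf while the matching host key file is still on disk. The function name and the key file names (OpenSSH's default ssh_host_key and ssh_host_dsa_key) are assumptions.

```shell
# Added example (not from the bug report). Assumed names: stale_hostkeys,
# and OpenSSH's default host key files ssh_host_key (RSA1) and
# ssh_host_dsa_key (DSA).
#
# Usage: stale_hostkeys /etc/rc.conf /etc/ssh
# Prints one line per variable that is "NO" while its key file exists.
# Returns 1 if any such key was found, 0 otherwise.
stale_hostkeys() {
    rc_conf=$1
    key_dir=$2
    found=0
    # variable:keyfile pairs, limited to the two variables in the comment
    for pair in sshd_rsa1_enable:ssh_host_key sshd_dsa_enable:ssh_host_dsa_key; do
        var=${pair%%:*}
        file=${pair#*:}
        # rc.conf is sh syntax: source it in a subshell so its settings
        # do not leak into the caller, then print the one value we need.
        val=$( . "$rc_conf" >/dev/null 2>&1
               eval "printf '%s' \"\${$var:-}\"" )
        case $val in
            [Nn][Oo])
                if [ -f "$key_dir/$file" ]; then
                    echo "$var=NO but $key_dir/$file exists"
                    found=1
                fi
                ;;
        esac
    done
    return $found
}
```

Pass rc.conf by absolute path, since the file is sourced; a non-zero return means at least one key type marked NO still has a key file that should be reviewed.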