Date: Sat, 29 Sep 2001 07:31:45 +0000 From: Tony Finch <dot@dotat.at> To: FreeBSD-gnats-submit@freebsd.org Subject: bin/30907: Message-ID: <E15nEbB-0000Ja-00@hand.dotat.at>
next in thread | raw e-mail | index | archive | help
>Number: 30907 >Category: bin >Synopsis: >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: doc-bug >Submitter-Id: current-users >Arrival-Date: Sat Sep 29 00:40:00 PDT 2001 >Closed-Date: >Last-Modified: >Originator: Tony Finch >Release: FreeBSD 4.4-STABLE-20010916-20010924-20010928 i386 >Organization: dotat labs >Environment: System: FreeBSD hand.dotat.at 4.4-STABLE-20010928 FreeBSD 4.4-STABLE-20010928 #7: Sat Sep 29 00:37:30 GMT 2001 fanf@hand.dotat.at:/FreeBSD/obj/FreeBSD/releng4/sys/SHARP i386 >Description: Some of the configuration defaults mentioned in ssh.1 and sshd.8 are incorrect with respect to the code. There are a few oddities too: the code seems unsure about the difference between ChallengeResponseAuthentication and KbdInteractiveAuthentication (which seems to be a partial alias for the former if you use protocol 2); ssh recognises /etc/ssh/ssh_host_rsa_key but sshd doesn't; the version addendum option isn't documented. >How-To-Repeat: >Fix: Index: ssh.1 =================================================================== RCS file: /home/ncvs/src/crypto/openssh/ssh.1,v retrieving revision 1.4.2.8 diff -u -r1.4.2.8 ssh.1 --- ssh.1 2001/09/28 01:33:35 1.4.2.8 +++ ssh.1 2001/09/29 06:16:46 @@ -681,7 +681,7 @@ .Dq no , the check will not be executed. The default is -.Dq yes . +.Dq no . .It Cm Cipher Specifies the cipher to use for encrypting the session in protocol version 1. @@ -795,7 +795,7 @@ or .Dq no . The default is -.Dq yes . +.Dq no . This option applies to protocol version 2 only and is similar to .Cm RhostsRSAAuthentication . @@ -1099,6 +1099,8 @@ The argument must be .Dq yes or +.Dq no . +The default is .Dq no . .It Cm XAuthLocation Specifies the location of the Index: sshd.8 =================================================================== RCS file: /home/ncvs/src/crypto/openssh/sshd.8,v retrieving revision 1.5.2.7 diff -u -r1.5.2.7 sshd.8 --- sshd.8 2001/09/28 01:33:35 1.5.2.7 +++ sshd.8 2001/09/29 07:29:45 @@ -785,6 +785,12 @@ is never used for remote command execution. The default is .Dq no . +.It Cm VersionAddendum +Alters the version string that +.Nm sshd +supplies to clients when they connect. +By default, this string includes the operating system name +and version information. .It Cm X11DisplayOffset Specifies the first display number available for .Nm sshd Ns 's @@ -796,7 +802,7 @@ .It Cm X11Forwarding Specifies whether X11 forwarding is permitted. The default is -.Dq no . +.Dq yes . Note that disabling X11 forwarding does not improve security in any way, as users can always install their own forwarders. .It Cm XAuthLocation >Release-Note: >Audit-Trail: >Unformatted: [PATCH] ssh configuration oddities To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E15nEbB-0000Ja-00>