[Bug 202153] [PATCH] set ssh-keygen flags in rc.conf for rc.d/sshd
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Fri Aug 7 08:32:57 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202153
milios at ccsys.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |milios at ccsys.com
--- Comment #2 from milios at ccsys.com ---
The current variable names as they sit could be considered a security
vulnerability since $sshd_rsa1_enable and $sshd_dsa_enable sure sound like they
control use of RSA1 and DSA in sshd but actually they do not and setting any
such variables to "NO" or "-b 4096" will not have the expected result if sshd
was once ever run before.
I think it's important we deprecate those names in favor of clearer ones and
add quality description to defaults/rc.conf. Heck, committer, maybe even go
ahead and throw a blank line before and after that block of sshd_ lines please
since it's now 13 lines instead of 3.
Thanks greatly for your time and consideration. Let me know if I should add a
patch for man rc.conf(5) as well and I will go figure out how to work the
mandoc or nroff or troff or whatever. I am hoping perhaps someone can lead me
by copying my comments in this new defaults/rc.conf into man rc.conf(5) as well
or tell me how that's done neatly.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list