| .. |
|
fakesyslog.tar.gz
|
53519f2c84
enhance fakesyslog for Tru64 compatibility
|
24 vuotta sitten |
|
openssh.spec
|
ea86d8d783
1. "ssh-keysign" has to be setuid root in order to allow "ssh" (which is not setuid root) to read the host keys (which are readable only by root) in SSH2 host based authentication. 2. use an empty subdir for the priviledge separation and make only this one owned by root (as required by Linux)
|
24 vuotta sitten |
|
rc.openssh
|
41d5de1a8b
Switch to l_{s,m,r,n}{usr,grp}.
|
24 vuotta sitten |
|
ssh-askpass
|
8d9f4340cc
support x11-ssh-askpass, too
|
24 vuotta sitten |
|
ssh-keyman
|
b569ce4f38
overhaul ssh-keyman by addressing recently popped up issues
|
24 vuotta sitten |
|
ssh-keyman.1
|
ab6dc2a846
include my ssh-keyman utility
|
24 vuotta sitten |
|
ssh-keyman.pod
|
ab6dc2a846
include my ssh-keyman utility
|
24 vuotta sitten |
|
ssh_config
|
9752b1edbe
- create SSHv2 RSA in addition to SSHv1 RSA server key - generate server keys with 2048 bits instead of 1024 - create ~/.ssh/agent file with mode 600 instead of mode 700 - cleanup ssh_config and sshd_config files - default to "Protocol 2,1" in server and "Protocol 1,2" in client
|
24 vuotta sitten |
|
sshd_config
|
5a5f47a9d7
After longer thinking and comparing what FreeBSD and NetBSD did, finally revert to the old state by kicking out the UsePrivilegeSeparation and Compression default value guessing because: 1. we are predestined to fail in general because we cannot do it correctly by just looking at the platform id. 2. UsePrivilegeSeparation is nice from a paranoid security point of view but OTOH really is too brand-new and internally limits or even breaks the OpenSSH functionality too dramatically. People who are paranoid enough and can live with this can feel free to change the "no" to a "yes" in their sshd_config easily. 3. it is nasty to have a package "openssh" shipping with totally different default configuration (using "UsePrivilegeSeparation yes" makes a large difference under run-time!) on different platforms. This is nasty and we really want a single default config independent of a platform. So, unless "UsePrivilegeSeparation yes" works equally on all our plaforms and without such dramatical restrictions (Compression, PAM, etc) and internal brokeness we will stay with the _default_ config of "UsePrivilegeSeparation no". Once Privilege Separation is really ready for a global deployment, we are happy to enable it by default again.
|
24 vuotta sitten |
Ralf S. Engelschall
ea86d8d783
1. "ssh-keysign" has to be setuid root in order to allow "ssh" (which is not setuid root) to read the host keys (which are readable only by root) in SSH2 host based authentication. 2. use an empty subdir for the priviledge separation and make only this one owned by root (as required by Linux)