On Sat, 04 Jan 2014 12:49:42 +0200 Alan McKinnon <alan.mckin...@gmail.com> wrote:
> On 04/01/2014 12:24, Gevisz wrote: > > > > After today's update of the world, emerge printed the following > > message: > > > > * Messages for package net-misc/openssh-6.4_p1-r1: > > * dev-libs/openssl was built with 'bindist' - disabling ecdsa > > support > > * Remember to merge your config files in /etc/ssh/ and then > > * reload sshd: '/etc/init.d/sshd reload'. > > > > That was quite a surprise for me, as I never installed (open)ssh > > and it is not in my world. > > > > After the following query: > > > > # equery depends --indirect openssh > > > > I have got the following: > > > > * These packages depend on openssh: > > gnome-base/gvfs-1.16.4 (net-misc/openssh) > > app-cdr/brasero-3.8.0 (gnome-base/gvfs) > > media-gfx/gthumb-3.2.4 (cdr ? >=app-cdr/brasero-3.2) > > app-editors/gedit-3.8.3 (gnome-base/gvfs) > > gnome-base/nautilus-3.8.2 (>=gnome-base/gvfs-1.14[gtk]) > > app-cdr/brasero-3.8.0 (nautilus ? >=gnome-base/nautilus-2.91.90) > > app-text/evince-3.8.3 (nautilus ? > > >=gnome-base/nautilus-2.91.4[introspection?]) > > gnome-extra/sushi-3.8.1 (>=app-text/evince-3.0[introspection]) > > gnome-base/nautilus-3.8.2 (previewer ? >=gnome-extra/sushi-0.1.9) > > gnome-extra/sushi-3.8.1 (>=gnome-base/nautilus-3.1.90) > > media-gfx/gimp-2.8.6 (gnome ? gnome-base/gvfs) > > app-doc/gimp-help-2.6.1 (>=media-gfx/gimp-2.4) > > media-gfx/dcraw-9.10 (gimp ? media-gfx/gimp) media-gfx/gthumb-3.2.4 > > (!raw ? media-gfx/dcraw) xfce-base/thunar-1.6.2 (dbus ? > > >=gnome-base/gvfs-1.10.1) (udev ? > > >=gnome-base/gvfs-1.10.1[udisks,udev]) (udev ? > > >=gnome-base/gvfs-1.10.1[gdu,udev]) (xfce_plugins_trash ? > > >=gnome-base/gvfs-1.10.1) xfce-base/xfdesktop-4.10.2 (thunar ? > > >=xfce-base/thunar-1.6[dbus]) xfce-base/xfce4-meta-4.10 > > (>=xfce-base/xfdesktop-4.10) virtual/ssh-0 (minimal ? > > net-misc/openssh) (!minimal ? net-misc/openssh) > > > > Inspecting my /etc/conf.d and /etc/init.d directories, > > I have found sshd files in both of them. > > > > So, my main question is as follows: > > > > Do I really need (open)sshd and, if no, how can I properly disable > > (open)sshd in my Gentoo box? > > If you have gvfs, you will have openssh, presumably so you can access > remote files over ssh. > > Why do you want to disable the daemon? Just don't run it. As, I have just found out by running "rc-update show", sshd does not run. So, in this respect everything is ok, thank you. :) > openssh is extremely useful for many reasons, you really don't want to > not have it. The package has the client and daemons, just don;t run > the sshd daemon > > > > > I guess that one of the ways to disable (open)sshd is to make > > /etc/init.d/sshd file unexacutable, but is it a clean way to do so? > > No, that's dumb. It gets reset every time openssh is updated. > > Just don't run it. It doesn't magically start by itself. If it's > security you are worried about, there are 100s of packages much more > troublesome, openssh is not something you should be worried about wrt > security. Just don't run the daemon. Yes, I was worried because of the security reasons. > > May be, it is relevant to this question that, in the future, > > I am going to employ the distributed compiling feature for > > this and another Gentoo box on the same local network. > > Not relevant. distcc has it's own listening daemon and doesn't > use ssh for file transfer Ok, thank you. > > The additional my question is as follows: > > > > What I am supposed to do in response to the "merge your config files > > in /etc/ssh/" message above? > > etc-update or conf-update or similar I was afraid to run etc-update as man says it will replace everything automatically. However, I run dispatch-conf and it does not see any problems at /etc/ssh, which have only the following three files: moduli, ssh_config, sshd_config (though I have added /etc/ssh to CONFIG_PROTECT_MASK). Actually, I also do not see any problems with this and do not understand how I can "merge" them. Why, on Earth, I have got that "merge your config files in /etc/ssh/" message from net-misc/openssh-6.4_p1-r1, then? > The ebuild has a dumbass elog() statement in it which you don't really > need to be there, as you should be running conf-update anyway after > every emerge right? Till now, I have always updated my configs manually using gvimdiff and did know nothing about conf-update, etc-update or dispatch-conf tools. The conf-update even have not been installed on my system. Do you think I should try it?
