Kris Kennaway <[EMAIL PROTECTED]> writes:
> Does this patch fix the problems people are seeing? It also generates the
> hostkey if it doesn't exist.
>
> Oops, the NO_DESCRYPT line in the /etc/defaults/make.conf patch shouldn't
> be committed yet. I'm still testing that one.
> +# Generate SSH host key, if it doesnt exist. Both sshd and ssh need it
> +# so we do it unconditionally on sshd_enable.
> +#
> +if [ ! -f /etc/ssh/ssh_host_key -a -x /usr/bin/ssh-keygen ]; then
> + echo 'generating an SSH host key:'
> + /usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
> + echo ' done.'
> +fi
> +
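
Review bot: the exit status of `/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key` is never checked, so `echo ' done.'` runs even when key generation fails and startup carries on without a usable host key. Suggest testing the command's result and printing a failure message instead of ' done.' in that case. Separately, the comment says the key is generated "unconditionally on sshd_enable", but the `if` shown here tests only for the missing key file and an executable ssh-keygen; either gate the block on sshd_enable or reword the comment so it matches the condition.
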
Be careful to only run ssh-keygen if you are confident that the kernel
random number generator has acquired enough entropy; otherwise you'll
leave the door open for guessing secret keys!

Jordan K. Hubbard <[EMAIL PROTECTED]> writes:
> > +# Generate SSH host key, if it doesnt exist. Both sshd and ssh need it
> > +# so we do it unconditionally on sshd_enable.
>
> Are you sure ssh requires a host key? I could have sworn this was
> entirely related to sshd and could thus be lumped into the same
> "if sshd_enable=YES" clause.
Jordan is right about this; sshd requires the private key, but ssh
can't even read the key from the file.
Cheers,
Björn
_ _ ,_______________.
Bjorn Gronvall (Björn Grönvall) /_______________/|
Swedish Institute of Computer Science | ||
PO Box 1263, S-164 29 Kista, Sweden | Schroedingers ||
Email: [EMAIL PROTECTED], Phone +46 -8 633 15 25 | Cat |/
Cellular +46 -70 768 06 35, Fax +46 -8 751 72 30 `---------------'