Re: [gentoo-user] Do I really need a sshd?
On Sun, 5 Jan 2014 10:16:20 + Neil Bothwick n...@digimed.co.uk wrote: On Sun, 5 Jan 2014 11:36:20 +0200, Gevisz wrote: I was afraid to run etc-update as man says it will replace everything automatically. However, I run dispatch-conf and it does not see any problems at /etc/ssh, which have only the following three files: moduli, ssh_config, sshd_config (though I have added /etc/ssh to CONFIG_PROTECT_MASK). Why did you do that? By masking out config file protection for /etc/ssh there will never be anything to be managed by etc-update as you have told portage to replace those files blindly and without asking. From man dispatch-conf: CONFIG_PROTECT_MASK is a make.conf setting, read that man page. It means your config files are overwritten at install time, way be for you run dispatch-conf or one of its friends. The man page for make.conf actually refers to the CONFIGURATION FILES section of emerge man page. There, indeed, everything explained very clearly and in details. However, it does not work so for my system. Thus, I have the following settings $ echo $CONFIG_PROTECT /usr/share/gnupg/qualified.txt $ echo $CONFIG_PROTECT_MASK /etc/gentoo-release /etc/sandbox.d /etc/fonts/fonts.conf /etc/terminfo /etc/dconf /etc/ca-certificates.conf /etc/texmf/web2c /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/revdep-rebuild but, nevertheless, I see the usual protected behavior for all config files in my /etc directory and its subdirectories, that is, instead of overriding them while running emerge world, the system creates the corresponding ._cfg_* files. And this, in my view, contradicts with the following statement from emerge man pages: Protected directories are set using the CONFIG_PROTECT variable, as in my case /etc have not been set in my CONFIG_PROTECT variable. dispatch-conf will check all directories in the CONFIG_PROTECT variable. All config files found in CONFIG_PROTECT_MASK will automatically be updated for you by dispatch-conf. 3) I will continue to do this job manually with gvimdiff as I have found it much more convenient than dispatch-conf (gvimdiff shows the differences a way much better). I prefer conf-update but most of these tools allow you to specify your own diff program if you don't like the default. I use colordiff with conf-update. Ok, thank you. I will try some of these tools together with gvimdiff when I will have to update my config files in the future.
Re: [gentoo-user] Do I really need a sshd?
On Sun, 05 Jan 2014 14:51:21 +0100 Volker Armin Hemmann volkerar...@googlemail.com wrote: Am 05.01.2014 11:04, schrieb Peter Humphrey: On Sunday 05 Jan 2014 11:36:20 Gevisz wrote: From man dispatch-conf: dispatch-conf will check all directories in the CONFIG_PROTECT variable. All config files found in CONFIG_PROTECT_MASK will automatically be updated for you by dispatch-conf. Have you tried another updater of config files? I still use the basic etc- update, but there are also app-portage/cfg-update and app-portage/conf-update. You might feel happier with one of those three. I am using cfg-update for years without problems whatsoever. Thank you, I will try it once more.
Re: [gentoo-user] Do I really need a sshd?
On Sun, 05 Jan 2014 10:04:54 + Peter Humphrey pe...@prh.myzen.co.uk wrote: On Sunday 05 Jan 2014 11:36:20 Gevisz wrote: From man dispatch-conf: dispatch-conf will check all directories in the CONFIG_PROTECT variable. All config files found in CONFIG_PROTECT_MASK will automatically be updated for you by dispatch-conf. Have you tried another updater of config files? I still use the basic etc- update, but there are also app-portage/cfg-update and app-portage/conf-update. You might feel happier with one of those three. Thank you, I will try them all when I will have to update my config files.
Re: [gentoo-user] Do I really need a sshd?
On Mon, 6 Jan 2014 23:50:02 +0200, Gevisz wrote: On Sun, 5 Jan 2014 10:16:20 + Neil Bothwick n...@digimed.co.uk wrote: CONFIG_PROTECT_MASK is a make.conf setting, read that man page. It means your config files are overwritten at install time, way be for you run dispatch-conf or one of its friends. The man page for make.conf actually refers to the CONFIGURATION FILES section of emerge man page. There, indeed, everything explained very clearly and in details. However, it does not work so for my system. Thus, I have the following settings $ echo $CONFIG_PROTECT /usr/share/gnupg/qualified.txt CONFIG_PROTECT is not a global environment variable. Also, variables like this are not only set in make.conf but in profiles and even on the command line. Read man portage for more detail. The correct way to see what settings are in place is to run emerge --info emerge --info | grep CONFIG_PROTECT And this, in my view, contradicts with the following statement from emerge man pages: Protected directories are set using the CONFIG_PROTECT variable, as in my case /etc have not been set in my CONFIG_PROTECT variable. See above. /etc is protected in the base profile, inherited by all others. -- Neil Bothwick Logic will get you from A to B. Imagination will take you everywhere. (Albert Einstein) signature.asc Description: PGP signature
Re: [gentoo-user] Do I really need a sshd?
On Sat, 4 Jan 2014 22:12:42 + Neil Bothwick n...@digimed.co.uk wrote: On Sat, 4 Jan 2014 15:57:10 +0200, Gevisz wrote: etc-update or conf-update or similar I was afraid to run etc-update as man says it will replace everything automatically. However, I run dispatch-conf and it does not see any problems at /etc/ssh, which have only the following three files: moduli, ssh_config, sshd_config (though I have added /etc/ssh to CONFIG_PROTECT_MASK). Why did you do that? By masking out config file protection for /etc/ssh there will never be anything to be managed by etc-update as you have told portage to replace those files blindly and without asking. From man dispatch-conf: dispatch-conf will check all directories in the CONFIG_PROTECT variable. All config files found in CONFIG_PROTECT_MASK will automatically be updated for you by dispatch-conf. But anyway, 1) I mask it only for one session, just to check that this does not help, 2) as we have already figured out, there were no ssh config files to merge, only the dumb warning message issued without checking anything, and the latter, in my view, is a karma of ssh: it should have at least something implemented wrong :-) 3) I will continue to do this job manually with gvimdiff as I have found it much more convenient than dispatch-conf (gvimdiff shows the differences a way much better).
Re: [gentoo-user] Do I really need a sshd?
On Sunday 05 Jan 2014 11:36:20 Gevisz wrote: From man dispatch-conf: dispatch-conf will check all directories in the CONFIG_PROTECT variable. All config files found in CONFIG_PROTECT_MASK will automatically be updated for you by dispatch-conf. Have you tried another updater of config files? I still use the basic etc- update, but there are also app-portage/cfg-update and app-portage/conf-update. You might feel happier with one of those three. -- Regards Peter
Re: [gentoo-user] Do I really need a sshd?
On Sun, 5 Jan 2014 11:36:20 +0200, Gevisz wrote: I was afraid to run etc-update as man says it will replace everything automatically. However, I run dispatch-conf and it does not see any problems at /etc/ssh, which have only the following three files: moduli, ssh_config, sshd_config (though I have added /etc/ssh to CONFIG_PROTECT_MASK). Why did you do that? By masking out config file protection for /etc/ssh there will never be anything to be managed by etc-update as you have told portage to replace those files blindly and without asking. From man dispatch-conf: CONFIG_PROTECT_MASK is a make.conf setting, read that man page. It means your config files are overwritten at install time, way be for you run dispatch-conf or one of its friends. dispatch-conf will check all directories in the CONFIG_PROTECT variable. All config files found in CONFIG_PROTECT_MASK will automatically be updated for you by dispatch-conf. 3) I will continue to do this job manually with gvimdiff as I have found it much more convenient than dispatch-conf (gvimdiff shows the differences a way much better). I prefer conf-update but most of these tools allow you to specify your own diff program if you don't like the default. I use colordiff with conf-update. -- Neil Bothwick Money can't buy happiness. But it sure makes misery easier to live with. signature.asc Description: PGP signature
Re: [gentoo-user] Do I really need a sshd?
Am 05.01.2014 11:04, schrieb Peter Humphrey: On Sunday 05 Jan 2014 11:36:20 Gevisz wrote: From man dispatch-conf: dispatch-conf will check all directories in the CONFIG_PROTECT variable. All config files found in CONFIG_PROTECT_MASK will automatically be updated for you by dispatch-conf. Have you tried another updater of config files? I still use the basic etc- update, but there are also app-portage/cfg-update and app-portage/conf-update. You might feel happier with one of those three. I am using cfg-update for years without problems whatsoever.
Re: [gentoo-user] Do I really need a sshd?
On Sat, 04 Jan 2014 14:45:33 +0400 the the.gu...@mail.ru wrote: On 01/04/14 14:24, Gevisz wrote: After today's update of the world, emerge printed the following message: * Messages for package net-misc/openssh-6.4_p1-r1: * dev-libs/openssl was built with 'bindist' - disabling ecdsa support * Remember to merge your config files in /etc/ssh/ and then * reload sshd: '/etc/init.d/sshd reload'. That was quite a surprise for me, as I never installed (open)ssh and it is not in my world. After the following query: # equery depends --indirect openssh I have got the following: * These packages depend on openssh: gnome-base/gvfs-1.16.4 (net-misc/openssh) app-cdr/brasero-3.8.0 (gnome-base/gvfs) media-gfx/gthumb-3.2.4 (cdr ? =app-cdr/brasero-3.2) app-editors/gedit-3.8.3 (gnome-base/gvfs) gnome-base/nautilus-3.8.2 (=gnome-base/gvfs-1.14[gtk]) app-cdr/brasero-3.8.0 (nautilus ? =gnome-base/nautilus-2.91.90) app-text/evince-3.8.3 (nautilus ? =gnome-base/nautilus-2.91.4[introspection?]) gnome-extra/sushi-3.8.1 (=app-text/evince-3.0[introspection]) gnome-base/nautilus-3.8.2 (previewer ? =gnome-extra/sushi-0.1.9) gnome-extra/sushi-3.8.1 (=gnome-base/nautilus-3.1.90) media-gfx/gimp-2.8.6 (gnome ? gnome-base/gvfs) app-doc/gimp-help-2.6.1 (=media-gfx/gimp-2.4) media-gfx/dcraw-9.10 (gimp ? media-gfx/gimp) media-gfx/gthumb-3.2.4 (!raw ? media-gfx/dcraw) xfce-base/thunar-1.6.2 (dbus ? =gnome-base/gvfs-1.10.1) (udev ? =gnome-base/gvfs-1.10.1[udisks,udev]) (udev ? =gnome-base/gvfs-1.10.1[gdu,udev]) (xfce_plugins_trash ? =gnome-base/gvfs-1.10.1) xfce-base/xfdesktop-4.10.2 (thunar ? =xfce-base/thunar-1.6[dbus]) xfce-base/xfce4-meta-4.10 (=xfce-base/xfdesktop-4.10) virtual/ssh-0 (minimal ? net-misc/openssh) (!minimal ? net-misc/openssh) Inspecting my /etc/conf.d and /etc/init.d directories, I have found sshd files in both of them. So, my main question is as follows: Do I really need (open)sshd and, if no, how can I properly disable (open)sshd in my Gentoo box? I guess that one of the ways to disable (open)sshd is to make /etc/init.d/sshd file unexacutable, but is it a clean way to do so? Why not reconfigure your init system. For example in the case of openrc: rc-update delete sshd Thank you for pointing out to the right command. The rc-update show shows that sshd does not run. So, in this respect, everything is ok. :-) The additional my question is as follows: What I am supposed to do in response to the merge your config files in /etc/ssh/ message above? Run dispatch-conf i guess. Thank you, but dispatch-conf does not see any problems at /etc/ssh, which have only the following three files: moduli, ssh_config, sshd_config (though I have added /etc/ssh to CONFIG_PROTECT_MASK). Actually, I also do not see any problems with this and do not understand how I can merge them. Why, on Earth, I have got that merge your config files in /etc/ssh/ message from net-misc/openssh-6.4_p1-r1, then?
Re: [gentoo-user] Do I really need a sshd?
On Sat, 04 Jan 2014 12:49:42 +0200 Alan McKinnon alan.mckin...@gmail.com wrote: On 04/01/2014 12:24, Gevisz wrote: After today's update of the world, emerge printed the following message: * Messages for package net-misc/openssh-6.4_p1-r1: * dev-libs/openssl was built with 'bindist' - disabling ecdsa support * Remember to merge your config files in /etc/ssh/ and then * reload sshd: '/etc/init.d/sshd reload'. That was quite a surprise for me, as I never installed (open)ssh and it is not in my world. After the following query: # equery depends --indirect openssh I have got the following: * These packages depend on openssh: gnome-base/gvfs-1.16.4 (net-misc/openssh) app-cdr/brasero-3.8.0 (gnome-base/gvfs) media-gfx/gthumb-3.2.4 (cdr ? =app-cdr/brasero-3.2) app-editors/gedit-3.8.3 (gnome-base/gvfs) gnome-base/nautilus-3.8.2 (=gnome-base/gvfs-1.14[gtk]) app-cdr/brasero-3.8.0 (nautilus ? =gnome-base/nautilus-2.91.90) app-text/evince-3.8.3 (nautilus ? =gnome-base/nautilus-2.91.4[introspection?]) gnome-extra/sushi-3.8.1 (=app-text/evince-3.0[introspection]) gnome-base/nautilus-3.8.2 (previewer ? =gnome-extra/sushi-0.1.9) gnome-extra/sushi-3.8.1 (=gnome-base/nautilus-3.1.90) media-gfx/gimp-2.8.6 (gnome ? gnome-base/gvfs) app-doc/gimp-help-2.6.1 (=media-gfx/gimp-2.4) media-gfx/dcraw-9.10 (gimp ? media-gfx/gimp) media-gfx/gthumb-3.2.4 (!raw ? media-gfx/dcraw) xfce-base/thunar-1.6.2 (dbus ? =gnome-base/gvfs-1.10.1) (udev ? =gnome-base/gvfs-1.10.1[udisks,udev]) (udev ? =gnome-base/gvfs-1.10.1[gdu,udev]) (xfce_plugins_trash ? =gnome-base/gvfs-1.10.1) xfce-base/xfdesktop-4.10.2 (thunar ? =xfce-base/thunar-1.6[dbus]) xfce-base/xfce4-meta-4.10 (=xfce-base/xfdesktop-4.10) virtual/ssh-0 (minimal ? net-misc/openssh) (!minimal ? net-misc/openssh) Inspecting my /etc/conf.d and /etc/init.d directories, I have found sshd files in both of them. So, my main question is as follows: Do I really need (open)sshd and, if no, how can I properly disable (open)sshd in my Gentoo box? If you have gvfs, you will have openssh, presumably so you can access remote files over ssh. Why do you want to disable the daemon? Just don't run it. As, I have just found out by running rc-update show, sshd does not run. So, in this respect everything is ok, thank you. :) openssh is extremely useful for many reasons, you really don't want to not have it. The package has the client and daemons, just don;t run the sshd daemon I guess that one of the ways to disable (open)sshd is to make /etc/init.d/sshd file unexacutable, but is it a clean way to do so? No, that's dumb. It gets reset every time openssh is updated. Just don't run it. It doesn't magically start by itself. If it's security you are worried about, there are 100s of packages much more troublesome, openssh is not something you should be worried about wrt security. Just don't run the daemon. Yes, I was worried because of the security reasons. May be, it is relevant to this question that, in the future, I am going to employ the distributed compiling feature for this and another Gentoo box on the same local network. Not relevant. distcc has it's own listening daemon and doesn't use ssh for file transfer Ok, thank you. The additional my question is as follows: What I am supposed to do in response to the merge your config files in /etc/ssh/ message above? etc-update or conf-update or similar I was afraid to run etc-update as man says it will replace everything automatically. However, I run dispatch-conf and it does not see any problems at /etc/ssh, which have only the following three files: moduli, ssh_config, sshd_config (though I have added /etc/ssh to CONFIG_PROTECT_MASK). Actually, I also do not see any problems with this and do not understand how I can merge them. Why, on Earth, I have got that merge your config files in /etc/ssh/ message from net-misc/openssh-6.4_p1-r1, then? The ebuild has a dumbass elog() statement in it which you don't really need to be there, as you should be running conf-update anyway after every emerge right? Till now, I have always updated my configs manually using gvimdiff and did know nothing about conf-update, etc-update or dispatch-conf tools. The conf-update even have not been installed on my system. Do you think I should try it?
Re: [gentoo-user] Do I really need a sshd?
On 04/01/2014 15:57, Gevisz wrote:
On Sat, 04 Jan 2014 12:49:42 +0200
Alan McKinnon alan.mckin...@gmail.com wrote:
On 04/01/2014 12:24, Gevisz wrote:
After today's update of the world, emerge printed the following
message:
* Messages for package net-misc/openssh-6.4_p1-r1:
* dev-libs/openssl was built with 'bindist' - disabling ecdsa
support
* Remember to merge your config files in /etc/ssh/ and then
* reload sshd: '/etc/init.d/sshd reload'.
That was quite a surprise for me, as I never installed (open)ssh
and it is not in my world.
After the following query:
# equery depends --indirect openssh
I have got the following:
* These packages depend on openssh:
gnome-base/gvfs-1.16.4 (net-misc/openssh)
app-cdr/brasero-3.8.0 (gnome-base/gvfs)
media-gfx/gthumb-3.2.4 (cdr ? =app-cdr/brasero-3.2)
app-editors/gedit-3.8.3 (gnome-base/gvfs)
gnome-base/nautilus-3.8.2 (=gnome-base/gvfs-1.14[gtk])
app-cdr/brasero-3.8.0 (nautilus ? =gnome-base/nautilus-2.91.90)
app-text/evince-3.8.3 (nautilus ?
=gnome-base/nautilus-2.91.4[introspection?])
gnome-extra/sushi-3.8.1 (=app-text/evince-3.0[introspection])
gnome-base/nautilus-3.8.2 (previewer ? =gnome-extra/sushi-0.1.9)
gnome-extra/sushi-3.8.1 (=gnome-base/nautilus-3.1.90)
media-gfx/gimp-2.8.6 (gnome ? gnome-base/gvfs)
app-doc/gimp-help-2.6.1 (=media-gfx/gimp-2.4)
media-gfx/dcraw-9.10 (gimp ? media-gfx/gimp) media-gfx/gthumb-3.2.4
(!raw ? media-gfx/dcraw) xfce-base/thunar-1.6.2 (dbus ?
=gnome-base/gvfs-1.10.1) (udev ?
=gnome-base/gvfs-1.10.1[udisks,udev]) (udev ?
=gnome-base/gvfs-1.10.1[gdu,udev]) (xfce_plugins_trash ?
=gnome-base/gvfs-1.10.1) xfce-base/xfdesktop-4.10.2 (thunar ?
=xfce-base/thunar-1.6[dbus]) xfce-base/xfce4-meta-4.10
(=xfce-base/xfdesktop-4.10) virtual/ssh-0 (minimal ?
net-misc/openssh) (!minimal ? net-misc/openssh)
Inspecting my /etc/conf.d and /etc/init.d directories,
I have found sshd files in both of them.
So, my main question is as follows:
Do I really need (open)sshd and, if no, how can I properly disable
(open)sshd in my Gentoo box?
If you have gvfs, you will have openssh, presumably so you can access
remote files over ssh.
Why do you want to disable the daemon? Just don't run it.
As, I have just found out by running rc-update show, sshd does not
run.
So, in this respect everything is ok, thank you. :)
openssh is extremely useful for many reasons, you really don't want to
not have it. The package has the client and daemons, just don;t run
the sshd daemon
I guess that one of the ways to disable (open)sshd is to make
/etc/init.d/sshd file unexacutable, but is it a clean way to do so?
No, that's dumb. It gets reset every time openssh is updated.
Just don't run it. It doesn't magically start by itself. If it's
security you are worried about, there are 100s of packages much more
troublesome, openssh is not something you should be worried about wrt
security. Just don't run the daemon.
Yes, I was worried because of the security reasons.
May be, it is relevant to this question that, in the future,
I am going to employ the distributed compiling feature for
this and another Gentoo box on the same local network.
Not relevant. distcc has it's own listening daemon and doesn't
use ssh for file transfer
Ok, thank you.
The additional my question is as follows:
What I am supposed to do in response to the merge your config files
in /etc/ssh/ message above?
etc-update or conf-update or similar
I was afraid to run etc-update as man says it will replace everything
automatically. However, I run dispatch-conf and it does not see any
problems at /etc/ssh, which have only the following three files:
moduli, ssh_config, sshd_config (though I have added /etc/ssh to
CONFIG_PROTECT_MASK).
Actually, I also do not see any problems with this and do not understand
how I can merge them.
Why, on Earth, I have got that merge your config files in /etc/ssh/
message from net-misc/openssh-6.4_p1-r1, then?
The ebuild has a dumbass elog() statement in it which you don't really
need to be there, as you should be running conf-update anyway after
every emerge right?
Till now, I have always updated my configs manually using gvimdiff and
did know nothing about conf-update, etc-update or dispatch-conf tools.
The conf-update even have not been installed on my system. Do you think
I should try it?
All the questions you are asking are basic Gentoo questions, answered in
the docs. Gentoo provides these tools such as etc-update and rc-update
to make your life easier. You should familiarize yourself with them:
http://www.gentoo.org/doc/en/handbook/
https://wiki.gentoo.org/wiki/Project:Documentation/Overview
As for that elog message at the end of the merge, like I already said
it's a stupid dumbass message that could be much more useful but isn't.
From the ebuild:
pkg_postinst() {
...
ewarn Remember to merge your
Re: [gentoo-user] Do I really need a sshd?
On Sat, 04 Jan 2014 17:15:22 +0200 Alan McKinnon alan.mckin...@gmail.com wrote: On 04/01/2014 15:57, Gevisz wrote: On Sat, 04 Jan 2014 12:49:42 +0200 Alan McKinnon alan.mckin...@gmail.com wrote: On 04/01/2014 12:24, Gevisz wrote: After today's update of the world, emerge printed the following message: * Messages for package net-misc/openssh-6.4_p1-r1: * dev-libs/openssl was built with 'bindist' - disabling ecdsa support * Remember to merge your config files in /etc/ssh/ and then * reload sshd: '/etc/init.d/sshd reload'. That was quite a surprise for me, as I never installed (open)ssh and it is not in my world. After the following query: # equery depends --indirect openssh I have got the following: * These packages depend on openssh: gnome-base/gvfs-1.16.4 (net-misc/openssh) app-cdr/brasero-3.8.0 (gnome-base/gvfs) media-gfx/gthumb-3.2.4 (cdr ? =app-cdr/brasero-3.2) app-editors/gedit-3.8.3 (gnome-base/gvfs) gnome-base/nautilus-3.8.2 (=gnome-base/gvfs-1.14[gtk]) app-cdr/brasero-3.8.0 (nautilus ? =gnome-base/nautilus-2.91.90) app-text/evince-3.8.3 (nautilus ? =gnome-base/nautilus-2.91.4[introspection?]) gnome-extra/sushi-3.8.1 (=app-text/evince-3.0[introspection]) gnome-base/nautilus-3.8.2 (previewer ? =gnome-extra/sushi-0.1.9) gnome-extra/sushi-3.8.1 (=gnome-base/nautilus-3.1.90) media-gfx/gimp-2.8.6 (gnome ? gnome-base/gvfs) app-doc/gimp-help-2.6.1 (=media-gfx/gimp-2.4) media-gfx/dcraw-9.10 (gimp ? media-gfx/gimp) media-gfx/gthumb-3.2.4 (!raw ? media-gfx/dcraw) xfce-base/thunar-1.6.2 (dbus ? =gnome-base/gvfs-1.10.1) (udev ? =gnome-base/gvfs-1.10.1[udisks,udev]) (udev ? =gnome-base/gvfs-1.10.1[gdu,udev]) (xfce_plugins_trash ? =gnome-base/gvfs-1.10.1) xfce-base/xfdesktop-4.10.2 (thunar ? =xfce-base/thunar-1.6[dbus]) xfce-base/xfce4-meta-4.10 (=xfce-base/xfdesktop-4.10) virtual/ssh-0 (minimal ? net-misc/openssh) (!minimal ? net-misc/openssh) Inspecting my /etc/conf.d and /etc/init.d directories, I have found sshd files in both of them. So, my main question is as follows: Do I really need (open)sshd and, if no, how can I properly disable (open)sshd in my Gentoo box? If you have gvfs, you will have openssh, presumably so you can access remote files over ssh. Why do you want to disable the daemon? Just don't run it. As, I have just found out by running rc-update show, sshd does not run. So, in this respect everything is ok, thank you. :) openssh is extremely useful for many reasons, you really don't want to not have it. The package has the client and daemons, just don;t run the sshd daemon I guess that one of the ways to disable (open)sshd is to make /etc/init.d/sshd file unexacutable, but is it a clean way to do so? No, that's dumb. It gets reset every time openssh is updated. Just don't run it. It doesn't magically start by itself. If it's security you are worried about, there are 100s of packages much more troublesome, openssh is not something you should be worried about wrt security. Just don't run the daemon. Yes, I was worried because of the security reasons. May be, it is relevant to this question that, in the future, I am going to employ the distributed compiling feature for this and another Gentoo box on the same local network. Not relevant. distcc has it's own listening daemon and doesn't use ssh for file transfer Ok, thank you. The additional my question is as follows: What I am supposed to do in response to the merge your config files in /etc/ssh/ message above? etc-update or conf-update or similar I was afraid to run etc-update as man says it will replace everything automatically. However, I run dispatch-conf and it does not see any problems at /etc/ssh, which have only the following three files: moduli, ssh_config, sshd_config (though I have added /etc/ssh to CONFIG_PROTECT_MASK). Actually, I also do not see any problems with this and do not understand how I can merge them. Why, on Earth, I have got that merge your config files in /etc/ssh/ message from net-misc/openssh-6.4_p1-r1, then? The ebuild has a dumbass elog() statement in it which you don't really need to be there, as you should be running conf-update anyway after every emerge right? Till now, I have always updated my configs manually using gvimdiff and did know nothing about conf-update, etc-update or dispatch-conf tools. The conf-update even have not been installed on my system. Do you think I should try it? All the questions you are asking are basic Gentoo questions, answered in the docs. Gentoo provides these tools such as etc-update and rc-update to make your life easier. You should familiarize yourself with them: http://www.gentoo.org/doc/en/handbook/ https://wiki.gentoo.org/wiki/Project:Documentation/Overview As
Re: [gentoo-user] Do I really need a sshd?
On Sat, 4 Jan 2014 15:57:10 +0200, Gevisz wrote: etc-update or conf-update or similar I was afraid to run etc-update as man says it will replace everything automatically. However, I run dispatch-conf and it does not see any problems at /etc/ssh, which have only the following three files: moduli, ssh_config, sshd_config (though I have added /etc/ssh to CONFIG_PROTECT_MASK). Why did you do that? By masking out config file protection for /etc/ssh there will never be anything to be managed by etc-update as you have told portage to replace those files blindly and without asking. -- Neil Bothwick Suicide is the most sincere form of self-criticism. signature.asc Description: PGP signature
