Dear all,

I'd like to suggest a change to the way sshd initialises, namely that the listener would only be opened after the RSA key generation has completed.

I was playing with optimisation on IRIX 6.2 and -O3 managed to produce a version that would generate faulty keys. Of course, I didn't know that it did, so I just killed off the old sshd and started the new one. It forks so it works... or so I thought, but attempting to open a connection to the server would just hang.

I then ran the daemon in debug mode and found out that it was stuck generating keys, testing them, failing, generating again... and failing again. However, the listener is opened before the keys are generated, so attempting to connect didn't cause a "connection refused" message but instead the client just hung.

Wouldn't it make sense only to open the listener once server keys have been generated? In this way, a faulty (at least in this sense) compile could be detected much quicker through the fact that connections would always be refused.

Regards,
--
Atro Tossavainen (Mr.), Systems Analyst - email at URL - +358-9-850-111-86
Institute of Biotechnology, University of Helsinki, Finland
My opinions may freely be shared by my employers if they want to.
<URL:http://www.iki.fi/atro.tossavainen/>