Variable path to ssh_prng_cmds?
mouring at etoh.eviladmin.org
mouring at etoh.eviladmin.org
Fri Apr 6 03:17:16 EST 2001
On Thu, 5 Apr 2001, Armin Kunaschik wrote:
> Hi there,
>
> I have all my additional software mounted from one central place.
> Therefore I'm trying to limit all unnecessary local files.
> Local config files are ok... e.g. keys, ssh_config etc, but why
> needs ssh_prng_cmds to be in /etc? So why not put it into $bindir?
> There are no problems doing this with a few manual fixes. So
> are there any security concerns? Is it possible to make this a
> configuration option in the furure?
>
I don't agree with 'ssh_prng_cmds' being in $bindir. It's a
configuration file, and therefor should be in /etc or ${PREFIX}/etc.
Putting it in ${BINDIR} is illogical and not something that people would
think of without refering to any technical notes you leave behind if you
were to leave for vacation or a new job.
However, I suggest you really use PRNGd instead of the built in entropy
generation if you can. You get higher quality entropy and you don't have
to worry about 'ssh_prng_cmds' in /etc.
- Ben
More information about the openssh-unix-dev
mailing list