BadOption failures "annoying"

Philipp Buehler lists at
Sun Oct 7 12:49:15 EST 2001


some question about the configuration behaviour of openssh..

     -f configuration_file
             Specifies the name of the configuration file.  The default is
             /etc/sshd_config. sshd refuses to start if there is no configura-
             tion file.

While servconf.c has the routine 
fill_default_server_options(ServerOptions *options)
which sets valid/common options by "itself" - thus I *can* run sshd
w/ an empty configuration file anyway .. hello?

servconf.c also kills the startup if it cant recognize an option - thus
if I make a typo (or in this case use an option from a newer sshd on an
older installation) sshd will fail.

Ok, <paranoia> It's better to refuse starting then *maybe* in an
insecure configuration mode </paranoia> .. and yes <pedantic> test your
stuff before restarting </pedantic> .. but hey, sometimes you are in a 
hurry .. :-}
Or imagine a nulled configuration file (FS fuckup, whatever) sshd will start
also.. w/ possible insecure configuration ....

openssh tends to develop major paranoia .. security is also about 
realiablity. sshd is usually a *remote* tool, and way-to-easy-self-shoot-feet
is not fun (yeah, tell me something about terminalservers)
same for removing 'cipher none' .. ever thought of IPsec connected LANs
where maybe a slow machine is connected with "trusted cables" to the IPsec
gateway.. it's nice to still have public keys but not the crypting overhead
while "work" and it's still encrypted via the untrusted path..

so long,
Philipp Buehler, aka fips | GmbH | BOfH | NUCH | <double-p> 

#1: Break the clue barrier!
#2: Already had buzzword confuseritis ? 

More information about the openssh-unix-dev mailing list