BadOption failures "annoying"
Markus Friedl
markus at openbsd.org
Sun Oct 7 20:36:31 EST 2001
On Sun, Oct 07, 2001 at 04:49:15AM +0200, Philipp Buehler wrote:
> Ok, <paranoia> It's better to refuse starting than *maybe* in an
> insecure configuration mode </paranoia> .. and yes <pedantic> test your
> stuff before restarting </pedantic> .. but hey, sometimes you are in a
> hurry .. :-}
> Or imagine a nulled configuration file (FS fuckup, whatever) sshd will start
> also.. w/ possible insecure configuration ....
the default is not considered insecure.
sshd assumes that if you do
	sshd -f /dev/null
you know what you are doing.
moreover, if you do
	echo bogusoption yes > sshd_config
	sshd -f sshd_config
then it also assumes that you know what you are doing.
> <rant>
> openssh tends to develop major paranoia .. security is also about
> reliability.
please send a bug report if you discover a reliability bug.
> sshd is usually a *remote* tool, and way-to-easy-self-shoot-feet
> is not fun (yeah, tell me something about terminalservers)
you can start backup daemons if you don't understand the
documentation.
> same for removing 'cipher none'
cipher none support was not removed, it was never supported.
> .. ever thought of IPsec connected LANs
> where maybe a slow machine is connected with "trusted cables" to the IPsec
> gateway..
there is no standard API for figuring out the IPsec SAs
for the underlying TCP connection.
> it's nice to still have public keys but not the crypting overhead
> while "work"
how much overhead is it in interactive sessions?
> and it's still encrypted via the untrusted path..
-m