BadOption failures "annoying"

Markus Friedl markus at
Sun Oct 7 20:36:31 EST 2001

On Sun, Oct 07, 2001 at 04:49:15AM +0200, Philipp Buehler wrote:
> Ok, <paranoia> It's better to refuse starting then *maybe* in an
> insecure configuration mode </paranoia> .. and yes <pedantic> test your
> stuff before restarting </pedantic> .. but hey, sometimes you are in a 
> hurry .. :-}
> Or imagine a nulled configuration file (FS fuckup, whatever) sshd will start
> also.. w/ possible insecure configuration ....

the default is not considered insecure.

sshd assumes that if you do
	sshd -f /dev/null
you know what you are doing.

moreover, if you do
	echo bogusoption yes > sshd_config
	sshd -f sshd_config
then it also assumes that you know what you are doing.

> <rant>
> openssh tends to develop major paranoia .. security is also about 
> realiablity.

please send a bug report if you discover a realiablity bug.

> sshd is usually a *remote* tool, and way-to-easy-self-shoot-feet
> is not fun (yeah, tell me something about terminalservers)

you can start backup daemons if you don't understand the

> same for removing 'cipher none'

cipher none support got not removed, it was never supported.

> .. ever thought of IPsec connected LANs
> where maybe a slow machine is connected with "trusted cables" to the IPsec
> gateway..

there is not standard API for figuring out the IPsec SAs
for the underlying TCP connection.

> it's nice to still have public keys but not the crypting overhead
> while "work"

how much overhead is it in interactive sessions?

> and it's still encrypted via the untrusted path..


More information about the openssh-unix-dev mailing list