deprecated options in sshd_config

mlrx openssh-unix-dev at 18informatique.com
Sat Feb 24 16:27:13 AEDT 2018


Le 23/02/2018 à 23:12, Darren Tucker a écrit :
> On 24 February 2018 at 07:42, Colin Watson <cjwatson at debian.org> wrote:
>> On Fri, Feb 23, 2018 at 02:45:55PM +0100, mlrx wrote:
>>> May I infer that when an option is deprecated it can simply be deleted
>>> and consider that it is a working rule of the dev team (and therefore
>>> adopt this mode of operation for the future)?
> 
> Anything that the server (or client for that matter) reports as "line
> N: FooOption option Deprecated" are no-ops and may safely be removed
> from the config.
That's what I searched, perfect.

>> I'm not a member of the OpenSSH development team, only a packager and
>> occasional contributor, so you can't infer anything like that from my
>> message.  It wouldn't surprise me if there've been some times when more
>> migration work is required.
@C.W.: Thank you!

> Times where migration work is required are user-visible changes of
> behaviour and documented in the release notes[0] for that release,
> usually under "Potentially-incompatible changes".  The specific
> options in this thread (KeyRegenerationInterval[1])
> 
> 7.6p1:
> 
>   * ssh(1): delete SSH protocol version 1 support, associated
>     configuration options and documentation.
> 
> 7.5p1:
> 
>   * This release deprecates the sshd_config UsePrivilegeSeparation
>     option, thereby making privilege separation mandatory. Privilege
>     separation has been on by default for almost 15 years and
>     sandboxing has been on by default for almost the last five.
> 
> [0] https://www.openssh.com/releasenotes.html
> [1] https://man.openbsd.org/OpenBSD-6.0/sshd_config.5#KeyRegenerationInterval

Thank you to !

Regards,
-- 
benoist


More information about the openssh-unix-dev mailing list