|Summary:||[patch] security/openssh-portable add rc.conf vars for flags to ssh-keygen; remove rsa1|
|Product:||Ports & Packages||Reporter:||Chad Jacob Milios <milios>|
|Component:||Individual Port(s)||Assignee:||Bryan Drewery <bdrewery>|
|Status:||In Progress ---|
|Severity:||Affects Some People||CC:||chrysalis, milios, w.schwarzenfeld|
Description Chad Jacob Milios 2015-08-08 02:29:54 UTC
Created attachment 159654 [details] svn diff of /usr/ports/security/openssh-portable implements identical functionality to https://bugs.freebsd.org/bugzilla/attachment.cgi?id=159642&action=diff which is for base rc.d/sshd This port update also increases the default on RSA version 1 keys from 1024 to 2048 bits. Is there any lasting compelling reason for that explicit low setting in the rc.d script? Using the 2048 implicit default brings us in line with the present base defaults of how sshd starts up.
Comment 1 Chad Jacob Milios 2015-08-08 02:51:03 UTC
Created attachment 159655 [details] svn diff of /usr/ports/security/openssh-portable-devel same thing for the -devel port
Comment 2 Mark Linimon 2015-08-08 07:45:36 UTC
s/openssl/openssh/g and assign.
Comment 3 Chad Jacob Milios 2015-08-08 12:37:47 UTC
Created attachment 159665 [details] svn diff of /usr/ports/security/openssh-portable DOH!! did i title this PR with openssL-portable? it was late last night. i just found a s/skip_ecdsa= skip_ecdsa=/skip_ecdsa= skip_ed25519=/ apparently my copy-paste-fu was lacking. comb through these please and/or feel free to take liberties with the style and implementation to match base and/or reduce enumerations of the keys.
Comment 4 Chad Jacob Milios 2015-08-08 12:40:26 UTC
Created attachment 159666 [details] svn diff of /usr/ports/security/openssl-portable-devel i just found a s/skip_ecdsa= skip_ecdsa=/skip_ecdsa= skip_ed25519=/ apparently my copy-paste-fu was lacking. comb through these please and/or feel free to take liberties with the style and implementation to match base and/or reduce enumerations of the keys. take NOTE of also in base: https://bugs.freebsd.org/bugzilla/attachment.cgi?id=159642&action=diff
Comment 5 Chad Jacob Milios 2015-09-01 16:06:53 UTC
Created attachment 160593 [details] svn diff of /usr/ports/security/openssh-portable incorporates fix to https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202792 # svn status M Makefile M files/openssh.in
Comment 6 Chad Jacob Milios 2015-09-01 16:08:27 UTC
Created attachment 160594 [details] svn diff of /usr/ports/security/openssl-portable-devel svn diff of /usr/ports/security/openssh-portable-devel incorporates fix to https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202792 # svn status M Makefile M files/openssh.in
Comment 7 commit-hook 2015-09-24 21:55:07 UTC
A commit references this bug: Author: bdrewery Date: Thu Sep 24 21:54:41 UTC 2015 New revision: 397771 URL: https://svnweb.freebsd.org/changeset/ports/397771 Log: Stop trying to create the RSA protocol 1 key from the rc.d file. It is no longer supported by default since 7.0.  I do plan to make this configurable based on PR 202169  soon. PR: 202792  PR: 202169  Submitted by: email@example.com  Changes: head/security/openssh-portable/Makefile head/security/openssh-portable/files/openssh.in
Comment 8 Bryan Drewery 2015-09-24 21:56:48 UTC
I committed PR 202792 for now but do plan to take your change. I may commit it to the base version as well (PR 202153). I just need more time to review and test it.
Comment 9 Bryan Drewery 2015-09-24 21:57:05 UTC
[There's no need to rebase your patch, I can handle the conflict I made]
Comment 10 Walter Schwarzenfeld 2018-01-12 08:03:10 UTC
Is this still relevant?
Comment 11 Chad Jacob Milios 2018-01-12 11:30:05 UTC
i still use this patch everywhere because i like my deployments to auto generate strong keys and i distrust DSA altogether. the openssh-portable-devel port has been dropped
Comment 12 Walter Schwarzenfeld 2019-08-16 13:05:01 UTC
Any news here?