Bug 202169 - [patch] security/openssh-portable add rc.conf vars for flags to ssh-keygen; remove rsa1
Status: In Progress
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Some People
Assignee: Bryan Drewery
URL:
Keywords: patch
Depends on:
Blocks:
 
Reported: 2015-08-08 02:29 UTC by Chad Jacob Milios
Modified: 2018-01-12 11:30 UTC



Attachments
svn diff of /usr/ports/security/openssh-portable (3.84 KB, text/plain), 2015-08-08 02:29 UTC, Chad Jacob Milios
svn diff of /usr/ports/security/openssh-portable-devel (3.87 KB, patch), 2015-08-08 02:51 UTC, Chad Jacob Milios
svn diff of /usr/ports/security/openssh-portable (3.84 KB, patch), 2015-08-08 12:37 UTC, Chad Jacob Milios
svn diff of /usr/ports/security/openssl-portable-devel (3.88 KB, patch), 2015-08-08 12:40 UTC, Chad Jacob Milios
svn diff of /usr/ports/security/openssh-portable (3.69 KB, patch), 2015-09-01 16:06 UTC, Chad Jacob Milios
svn diff of /usr/ports/security/openssl-portable-devel (3.72 KB, patch), 2015-09-01 16:08 UTC, Chad Jacob Milios

Description Chad Jacob Milios 2015-08-08 02:29:54 UTC
Created attachment 159654 [details]
svn diff of /usr/ports/security/openssh-portable

Implements identical functionality to https://bugs.freebsd.org/bugzilla/attachment.cgi?id=159642&action=diff, which is for the base rc.d/sshd.

This port update also increases the default on RSA version 1 keys from 1024 to 2048 bits. Is there any lasting compelling reason for that explicit low setting in the rc.d script? Using the 2048 implicit default brings us in line with the present base defaults of how sshd starts up.
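One way to model the rc.conf-driven key generation this PR describes, as an added illustration that is not the submitted patch or the port's own openssh.in script; the variable names sshd_<type>_enable and sshd_<type>_flags, and the /etc/ssh key paths, are assumptions:

```shell
#!/bin/sh
# Added illustration (not the port's rc script): build the ssh-keygen command
# line for one host key type from rc.conf-style variables. The names
# sshd_<type>_enable / sshd_<type>_flags and the key directory are assumed.
# Nothing is executed; the command line is printed so it can be inspected.

ssh_key_dir="${ssh_key_dir:-/etc/ssh}"   # assumed default key location

# keygen_cmd TYPE -> prints the ssh-keygen command line; returns 1 when the
# type is unsupported or disabled, 2 when an explicit RSA size is below 2048.
keygen_cmd() {
    _type="$1"
    case "$_type" in
    rsa|dsa|ecdsa|ed25519) ;;
    rsa1)
        # Protocol 1 keys are no longer generated (this PR removes rsa1).
        echo "keygen_cmd: rsa1 is not supported" >&2; return 1 ;;
    *)  echo "keygen_cmd: unknown key type '$_type'" >&2; return 1 ;;
    esac

    # Indirect lookup of the per-type rc.conf variables (default: enabled, no flags).
    eval "_enable=\${sshd_${_type}_enable:-yes}"
    eval "_flags=\${sshd_${_type}_flags:-}"
    case "$_enable" in
    [Yy][Ee][Ss]) ;;
    *) return 1 ;;      # sshd_<type>_enable="no": skip this key type
    esac

    # Refuse an explicit RSA size below 2048; without -b the script relies on
    # ssh-keygen's own 2048-bit default, as the PR description proposes.
    if [ "$_type" = rsa ]; then
        set -- $_flags
        while [ $# -gt 0 ]; do
            if [ "$1" = -b ] && [ "${2:-0}" -lt 2048 ] 2>/dev/null; then
                echo "keygen_cmd: RSA size $2 is below 2048" >&2; return 2
            fi
            shift
        done
    fi

    printf '%s\n' "ssh-keygen -t $_type -f $ssh_key_dir/ssh_host_${_type}_key -N ''${_flags:+ $_flags}"
}
```

A caller would loop over the four key types, skip those for which keygen_cmd returns non-zero, and run the printed command only when the key file does not already exist.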
Comment 1 Chad Jacob Milios 2015-08-08 02:51:03 UTC
Created attachment 159655 [details]
svn diff of /usr/ports/security/openssh-portable-devel

Same thing for the -devel port.
Comment 2 Mark Linimon freebsd_committer freebsd_triage 2015-08-08 07:45:36 UTC
s/openssl/openssh/g and assign.
Comment 3 Chad Jacob Milios 2015-08-08 12:37:47 UTC
Created attachment 159665 [details]
svn diff of /usr/ports/security/openssh-portable

DOH!! Did I title this PR with openssL-portable? It was late last night.

I just found a s/skip_ecdsa= skip_ecdsa=/skip_ecdsa= skip_ed25519=/; apparently my copy-paste-fu was lacking.

Comb through these please and/or feel free to take liberties with the style and implementation to match base and/or reduce enumerations of the keys.
Comment 4 Chad Jacob Milios 2015-08-08 12:40:26 UTC
Created attachment 159666 [details]
svn diff of /usr/ports/security/openssl-portable-devel

I just found a s/skip_ecdsa= skip_ecdsa=/skip_ecdsa= skip_ed25519=/; apparently my copy-paste-fu was lacking.

Comb through these please and/or feel free to take liberties with the style and implementation to match base and/or reduce enumerations of the keys.

Also take NOTE of this in base: https://bugs.freebsd.org/bugzilla/attachment.cgi?id=159642&action=diff
Comment 5 Chad Jacob Milios 2015-09-01 16:06:53 UTC
Created attachment 160593 [details]
svn diff of /usr/ports/security/openssh-portable

Incorporates fix to https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202792

# svn status
M       Makefile
M       files/openssh.in
Comment 6 Chad Jacob Milios 2015-09-01 16:08:27 UTC
Created attachment 160594 [details]
svn diff of /usr/ports/security/openssl-portable-devel

svn diff of /usr/ports/security/openssh-portable-devel

Incorporates fix to https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202792

# svn status
M       Makefile
M       files/openssh.in
Comment 7 commit-hook freebsd_committer 2015-09-24 21:55:07 UTC
A commit references this bug:

Author: bdrewery
Date: Thu Sep 24 21:54:41 UTC 2015
New revision: 397771
URL: https://svnweb.freebsd.org/changeset/ports/397771

Log:
  Stop trying to create the RSA protocol 1 key from the rc.d file.  It is no
  longer supported by default since 7.0. [1]

  I do plan to make this configurable based on PR 202169 [2] soon.

  PR:		202792 [1]
  PR:		202169 [2]
  Submitted by:	chrysalis@chrysalisnet.org [1]

Changes:
  head/security/openssh-portable/Makefile
  head/security/openssh-portable/files/openssh.in
Comment 8 Bryan Drewery freebsd_committer 2015-09-24 21:56:48 UTC
I committed PR 202792 for now but do plan to take your change. I may commit
it to the base version as well (PR 202153).

I just need more time to review and test it.
Comment 9 Bryan Drewery freebsd_committer 2015-09-24 21:57:05 UTC
[There's no need to rebase your patch, I can handle the conflict I made]
Comment 10 w.schwarzenfeld freebsd_triage 2018-01-12 08:03:10 UTC
Is this still relevant?
Comment 11 Chad Jacob Milios 2018-01-12 11:30:05 UTC
I still use this patch everywhere because I like my deployments to auto-generate strong keys and I distrust DSA altogether.

The openssh-portable-devel port has been dropped.