guix-devel

Re: [PATCH 2/2] services: openssh: Remove deprecated 'RSAAuthentication'


From: ng0
Subject: Re: [PATCH 2/2] services: openssh: Remove deprecated 'RSAAuthentication' option.
Date: Sun, 19 Feb 2017 18:54:31 +0000

On 17-02-18 19:32:15, Clément Lassieur wrote:
> Ricardo Wurmus <address@hidden> writes:
> > Clément Lassieur <address@hidden> writes:
> >
> >> * gnu/services/ssh.scm (openssh-config-file): Remove it.
> >>   (<openssh-configuration>)[rsa-authentication?]: Remove it.
> >> * doc/guix.texi (Networking Services): Remove it.
> >> ---
> >>  doc/guix.texi        | 5 -----
> >>  gnu/services/ssh.scm | 5 -----
> >>  2 files changed, 10 deletions(-)
> >>
> >> diff --git a/doc/guix.texi b/doc/guix.texi
> >> index 22eef3a64..54d4bab89 100644
> >> --- a/doc/guix.texi
> >> +++ b/doc/guix.texi
> >> @@ -9151,11 +9151,6 @@ false, users have to use other authentication 
> >> method.
> >>  Authorized public keys are stored in @file{~/.ssh/authorized_keys}.
> >>  This is used only by protocol version 2.
> >>
> >> address@hidden @code{rsa-authentication?} (default: @code{#t})
> >> -When true, users may log in using pure RSA authentication.  When false,
> >> -users have to use other means of authentication.  This is used only by
> >> -protocol 1.
> >> -
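Review bot: the removed @item describes rsa-authentication? as "used only by protocol 1", but the commit log says only "Remove it." three times and gives no reason the option is dead. State in the log why the option no longer has any effect in the packaged OpenSSH, and name the option in each entry (for example "Remove 'rsa-authentication?'"), so that the deletion of a documented field whose default is #t can be judged from the commit alone.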
> >
> > Is it still possible to make SSH use protocol 1 or has this feature
> > disappeared?  If it is still possible I think we should not remove this
> > option.
> 
> Quote from https://www.openssh.com/releasenotes.html (about OpenSSH
> 7.4/7.4p1, which is the one we use):
> 
>     * This release removes server support for the SSH v.1 protocol.
> 
> So I think it is not possible anymore.
> 

As this discussion is around the openssh service and you are moving some
pieces around in there:
To me it looks as if we currently have no way to make sure that
"Subsystem sftp /path/to/lib/ssh/sftp-server" is enabled
in the sshd_config (needed for sshfs to function), is this correct?

It would be good to add the 3 or 4 lines needed for this option as well,
defaulting to #f. I won't add this as I'd prefer to wait until you're
done. If you feel like this does not add much workload to the patchset, it
would be very much appreciated as an additional patch.
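
A check for the sshd_config line discussed in the message above, as an added example that is not part of the original mail or of Guix. The function name `sftp_subsystem` and the two sample files are assumptions constructed here.

```shell
#!/bin/sh
# Added example: report which command, if any, an sshd_config file assigns
# to the "sftp" subsystem. The keyword is matched case-insensitively,
# leading whitespace is tolerated, and commented-out lines are ignored.
sftp_subsystem() {
    # $1: path to an sshd_config file
    # Prints the configured command and returns 0, or returns 1 if the
    # file declares no sftp subsystem.
    awk '
        { sub(/^[ \t]+/, "") }          # drop leading whitespace
        /^#/ || /^$/ { next }           # skip comments and blank lines
        tolower($1) == "subsystem" && $2 == "sftp" {
            $1 = ""; $2 = ""            # keep only the command part
            sub(/^[ \t]+/, "")
            print
            found = 1
            exit
        }
        END { exit !found }
    ' "$1"
}

# Constructed sample files (not taken from any real host).
demo_dir=$(mktemp -d)
printf '%s\n' \
    'PermitRootLogin no' \
    '#Subsystem sftp /commented/out' > "$demo_dir/without"
printf '%s\n' \
    'PermitRootLogin no' \
    '  subsystem sftp /path/to/lib/ssh/sftp-server -l INFO' > "$demo_dir/with"

for f in "$demo_dir/without" "$demo_dir/with"; do
    if cmd=$(sftp_subsystem "$f"); then
        echo "$f: sftp subsystem -> $cmd"
    else
        echo "$f: no sftp subsystem declared"
    fi
done
```

On a host with OpenSSH installed, the server's own view of the effective configuration can be compared against this result.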


