History log of /src/etc/ssh
Revision | Date | Author | Comments
 1.4 30-Aug-2022  riastradh /etc/ssh: Install ssh_known_hosts with mode 644.

Makes it agree with the mtree and more convenient for admin to edit.

XXX pullup-8
XXX pullup-9
 1.3 21-May-2017  riastradh branches: 1.3.2; 1.3.12;
Remove MKCRYPTO option.

Originally, MKCRYPTO was introduced because the United States
classified cryptography as a munition and restricted its export. The
export controls were substantially relaxed fifteen years ago, and are
essentially irrelevant for software with published source code.

In the intervening time, nobody bothered to remove the option after
its motivation -- the US export restriction -- was eliminated. I'm
not aware of any other operating system that has a similar option; I
expect it is mainly out of apathy for churn that we still have it.
Today, cryptography is an essential part of modern computing -- you
can't use the internet responsibly without cryptography.

The position of the TNF board of directors is that TNF makes no
representation that MKCRYPTO=no satisfies any country's cryptography
regulations.

My personal position is that the availability of cryptography is a
basic human right; that any local laws restricting it to a privileged
few are fundamentally immoral; and that it is wrong for developers to
spend effort crippling cryptography to work around such laws.

As proposed on tech-crypto, tech-security, and tech-userlevel to no
objections:

https://mail-index.netbsd.org/tech-crypto/2017/05/06/msg000719.html
https://mail-index.netbsd.org/tech-security/2017/05/06/msg000928.html
https://mail-index.netbsd.org/tech-userlevel/2017/05/06/msg010547.html

P.S. Reviewing all the uses of MKCRYPTO in src revealed a lot of
*bad* crypto that was conditional on it, e.g. DES in telnet... That
should probably be removed too, but on the grounds that it is bad,
not on the grounds that it is (nominally) crypto.
 1.2 26-Jun-2006  mrg don't install crypto files with MKCRYPTO=no. with these changes, a
MKCRYPTO=no build completes.
 1.1 16-May-2004  lukem Consistently use CONFIGFILES & CONFIGLINKS (which enable the 'configinstall'
target) instead of using home-grown 'distribution' targets or using
FILES with the 'install' target.
Add some etc/ subdir Makefiles where appropriate.

XXX: some of etc/Makefile install-etc-files could be converted to CONFIGFILES.
 1.3.12.1 22-Feb-2023  martin Pull up following revision(s) (requested by riastradh in ticket #1604):

etc/ssh/Makefile: revision 1.4
usr.bin/mail/Makefile: revision 1.41
external/ibm-public/postfix/etc/Makefile: revision 1.2
etc/bluetooth/Makefile: revision 1.6
crypto/external/bsd/openssh/bin/Makefile: revision 1.5
etc/root/Makefile: revision 1.5
etc/iscsi/Makefile: revision 1.4

/root: Install .cshrc and .profile links with the same mode.

Previously we would:

1. Install /root/.cshrc and /root/.profile with mode FILESMODE=644 as
requested in src/etc/root/Makefile and as echoed in
/etc/mtree/special.
2. Create hard links at /.cshrc and /.profile through CONFIGLINKS.
3. Because LINKSMODE was unset and defaults to NOBINMODE=444, change
the mode to 444.

This scenario is confusing, and mtree objects to it, which is bad for
warning fatigue in a security-relevant mechanism. (There are also
several other files mtree objects to out of the box -- we should fix
those too.)

With this change we install the links with the same mode as the
original files, in agreement with the mtree. The files, .cshrc and
.profile, are intended to be editable configuration files, so 644
makes sense while 444 makes no sense and gets in the way of editors
like vi.

Discussed on tech-userlevel:
https://mail-index.netbsd.org/tech-userlevel/2022/08/29/msg013498.html

etc: Fix permissions of various editable configuration files.

This way they match the mtree and make sense and don't cause editors
to ask to override read-only files when editing them.

Exception: Not sure /etc/bluetooth/protocols makes as much sense to
edit, but the mtree says 644, so if you want to change it, make sure
to change it in both places -- Makefile and mtree.

/etc/ssh: Install ssh_known_hosts with mode 644.
Makes it agree with the mtree and more convenient for admin to edit.
 1.3.2.1 22-Feb-2023  martin Pull up following revision(s) (requested by riastradh in ticket #1800):

etc/ssh/Makefile: revision 1.4
usr.bin/mail/Makefile: revision 1.41
external/ibm-public/postfix/etc/Makefile: revision 1.2
etc/bluetooth/Makefile: revision 1.6
crypto/external/bsd/openssh/bin/Makefile: revision 1.5
etc/root/Makefile: revision 1.5
etc/iscsi/Makefile: revision 1.4

/root: Install .cshrc and .profile links with the same mode.

Previously we would:

1. Install /root/.cshrc and /root/.profile with mode FILESMODE=644 as
requested in src/etc/root/Makefile and as echoed in
/etc/mtree/special.
2. Create hard links at /.cshrc and /.profile through CONFIGLINKS.
3. Because LINKSMODE was unset and defaults to NOBINMODE=444, change
the mode to 444.

This scenario is confusing, and mtree objects to it, which is bad for
warning fatigue in a security-relevant mechanism. (There are also
several other files mtree objects to out of the box -- we should fix
those too.)

With this change we install the links with the same mode as the
original files, in agreement with the mtree. The files, .cshrc and
.profile, are intended to be editable configuration files, so 644
makes sense while 444 makes no sense and gets in the way of editors
like vi.

Discussed on tech-userlevel:
https://mail-index.netbsd.org/tech-userlevel/2022/08/29/msg013498.html

etc: Fix permissions of various editable configuration files.

This way they match the mtree and make sense and don't cause editors
to ask to override read-only files when editing them.

Exception: Not sure /etc/bluetooth/protocols makes as much sense to
edit, but the mtree says 644, so if you want to change it, make sure
to change it in both places -- Makefile and mtree.

/etc/ssh: Install ssh_known_hosts with mode 644.
Makes it agree with the mtree and more convenient for admin to edit.
 1.11 02-Oct-2025  kim Update babylon5
 1.10 31-Mar-2017  spz add ssh-ed25519 keys
verify keys (split vir functions off from mollari)
 1.9 23-Sep-2015  wiz branches: 1.9.2; 1.9.4;
Add keys for wip.pkgsrc.org.
 1.8 07-Jun-2013  spz branches: 1.8.6; 1.8.8;
fix narn-names -> mollari
add ecdsa keys (in many cases, pre-emptive strikes)
 1.7 08-May-2011  spz branches: 1.7.4; 1.7.6; 1.7.10; 1.7.12; 1.7.20;
babylon5 ssh key changed (due to reinstall)
 1.6 12-Sep-2010  spz releng has been on mollari for a while now. Also, add wiki
 1.5 20-Aug-2009  spz add morden, mollari, pkgbuild and build
adjust function names' keys
add the proper names of hosts too in preparation of their function moving
 1.4 26-Sep-2006  tron branches: 1.4.2; 1.4.12; 1.4.26; 1.4.30; 1.4.32;
Remove key for "tgm.netbsd.org". The machine was put out of service when
the new autobuild cluster was brought up.
 1.3 07-Nov-2004  soren - .isc.netbsd.org aliases are gone
- zathras is gone, alias releng to www
 1.2 20-Jan-2004  tls branches: 1.2.2;
The previous version of this file had the wrong key for cvs.netbsd.org(!);
it had the key from before the machine was officially placed in service
as "cvs.netbsd.org". Replace with correct key. Duh.
 1.1 11-Jan-2004  tls Moved from src/etc. known_hosts file containing Project servers.
 1.2.2.1 12-Nov-2004  jmc Pullup rev 1.3 (requested by soren in ticket #962)

- .isc.netbsd.org aliases are gone
- zathras is gone, alias releng to www
 1.4.32.1 21-Apr-2010  matt sync to netbsd-5
 1.4.30.2 16-Jan-2011  bouyer Pull up following revision(s) (requested by riz in ticket #1516):
etc/ssh/ssh_known_hosts: revision 1.6
releng has been on mollari for a while now. Also, add wiki
 1.4.30.1 30-Aug-2009  snj Pull up following revision(s) (requested by spz in ticket #930):
etc/ssh/ssh_known_hosts: revision 1.5
add morden, mollari, pkgbuild and build
adjust function names' keys
add the proper names of hosts too in preparation of their function moving
 1.4.26.3 20-Sep-2013  riz Pull up following revision(s) (requested by spz in ticket #1878):
etc/ssh/ssh_known_hosts: revision 1.7
etc/ssh/ssh_known_hosts: revision 1.8
babylon5 ssh key changed (due to reinstall)
fix narn-names -> mollari
add ecdsa keys (in many cases, pre-emptive strikes)
 1.4.26.2 16-Jan-2011  bouyer branches: 1.4.26.2.2;
Pull up following revision(s) (requested by riz in ticket #1516):
etc/ssh/ssh_known_hosts: revision 1.6
releng has been on mollari for a while now. Also, add wiki
 1.4.26.1 30-Aug-2009  snj branches: 1.4.26.1.2;
Pull up following revision(s) (requested by spz in ticket #930):
etc/ssh/ssh_known_hosts: revision 1.5
add morden, mollari, pkgbuild and build
adjust function names' keys
add the proper names of hosts too in preparation of their function moving
 1.4.26.2.2.1 20-Sep-2013  riz Pull up following revision(s) (requested by spz in ticket #1878):
etc/ssh/ssh_known_hosts: revision 1.7
etc/ssh/ssh_known_hosts: revision 1.8
babylon5 ssh key changed (due to reinstall)
fix narn-names -> mollari
add ecdsa keys (in many cases, pre-emptive strikes)
 1.4.26.1.2.2 20-Sep-2013  riz Pull up following revision(s) (requested by spz in ticket #1878):
etc/ssh/ssh_known_hosts: revision 1.7
etc/ssh/ssh_known_hosts: revision 1.8
babylon5 ssh key changed (due to reinstall)
fix narn-names -> mollari
add ecdsa keys (in many cases, pre-emptive strikes)
 1.4.26.1.2.1 16-Jan-2011  bouyer Pull up following revision(s) (requested by riz in ticket #1516):
etc/ssh/ssh_known_hosts: revision 1.6
releng has been on mollari for a while now. Also, add wiki
 1.4.12.2 16-Jan-2011  bouyer Pull up following revision(s) (requested by riz in ticket #1415):
etc/ssh/ssh_known_hosts: revision 1.6
releng has been on mollari for a while now. Also, add wiki
 1.4.12.1 05-Sep-2009  bouyer Pull up following revision(s) (requested by spz in ticket #1355):
etc/ssh/ssh_known_hosts: revision 1.5
add morden, mollari, pkgbuild and build
adjust function names' keys
add the proper names of hosts too in preparation of their function moving
 1.4.2.2 16-Jan-2011  bouyer Pull up following revision(s) (requested by riz in ticket #1415):
etc/ssh/ssh_known_hosts: revision 1.6
releng has been on mollari for a while now. Also, add wiki
 1.4.2.1 05-Sep-2009  bouyer Pull up following revision(s) (requested by spz in ticket #1355):
etc/ssh/ssh_known_hosts: revision 1.5
add morden, mollari, pkgbuild and build
adjust function names' keys
add the proper names of hosts too in preparation of their function moving
 1.7.20.3 11-Jul-2017  snj Pull up following revision(s) (requested by spz in ticket #1447):
etc/ssh/ssh_known_hosts: revision 1.10
add ssh-ed25519 keys
verify keys (split vir functions off from mollari)
 1.7.20.2 06-May-2016  snj Pull up following revision(s) (requested by wiz in ticket #1362):
etc/ssh/ssh_known_hosts: revision 1.9
Add keys for wip.pkgsrc.org.
 1.7.20.1 20-Sep-2013  riz Pull up following revision(s) (requested by spz in ticket #947):
etc/ssh/ssh_known_hosts: revision 1.8
fix narn-names -> mollari
add ecdsa keys (in many cases, pre-emptive strikes)
 1.7.12.3 11-Jul-2017  snj Pull up following revision(s) (requested by spz in ticket #1447):
etc/ssh/ssh_known_hosts: revision 1.10
add ssh-ed25519 keys
verify keys (split vir functions off from mollari)
 1.7.12.2 06-May-2016  snj Pull up following revision(s) (requested by wiz in ticket #1362):
etc/ssh/ssh_known_hosts: revision 1.9
Add keys for wip.pkgsrc.org.
 1.7.12.1 20-Sep-2013  riz Pull up following revision(s) (requested by spz in ticket #947):
etc/ssh/ssh_known_hosts: revision 1.8
fix narn-names -> mollari
add ecdsa keys (in many cases, pre-emptive strikes)
 1.7.10.1 23-Jun-2013  tls resync from head
 1.7.6.3 11-Jul-2017  snj Pull up following revision(s) (requested by spz in ticket #1447):
etc/ssh/ssh_known_hosts: revision 1.10
add ssh-ed25519 keys
verify keys (split vir functions off from mollari)
 1.7.6.2 06-May-2016  snj Pull up following revision(s) (requested by wiz in ticket #1362):
etc/ssh/ssh_known_hosts: revision 1.9
Add keys for wip.pkgsrc.org.
 1.7.6.1 20-Sep-2013  riz Pull up following revision(s) (requested by spz in ticket #947):
etc/ssh/ssh_known_hosts: revision 1.8
fix narn-names -> mollari
add ecdsa keys (in many cases, pre-emptive strikes)
 1.7.4.1 22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was split into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.8.8.2 11-Apr-2017  martin Pull up following revision(s) (requested by spz in ticket #1393):
etc/ssh/ssh_known_hosts: revision 1.10
add ssh-ed25519 keys
verify keys (split vir functions off from mollari)
 1.8.8.1 26-Jan-2016  snj Pull up following revision(s) (requested by wiz in ticket #1074):
etc/ssh/ssh_known_hosts: revision 1.9
Add keys for wip.pkgsrc.org.
 1.8.6.2 11-Apr-2017  martin Pull up following revision(s) (requested by spz in ticket #1393):
etc/ssh/ssh_known_hosts: revision 1.10
add ssh-ed25519 keys
verify keys (split vir functions off from mollari)
 1.8.6.1 26-Jan-2016  snj branches: 1.8.6.1.4;
Pull up following revision(s) (requested by wiz in ticket #1074):
etc/ssh/ssh_known_hosts: revision 1.9
Add keys for wip.pkgsrc.org.
 1.8.6.1.4.1 11-Apr-2017  martin Pull up following revision(s) (requested by spz in ticket #1393):
etc/ssh/ssh_known_hosts: revision 1.10
add ssh-ed25519 keys
verify keys (split vir functions off from mollari)
 1.9.4.1 21-Apr-2017  bouyer Sync with HEAD
 1.9.2.1 26-Apr-2017  pgoyette Sync with HEAD
