On Fri, Aug 07, 2015 at 12:13:23PM +0200, Michael Olbrich wrote:
> On Fri, Jul 17, 2015 at 11:54:51PM +0200, Clemens Gruber wrote:
> > SSH1 config options were removed and a variety of more secure defaults
> > chosen, inspired by the Debian preinit script and their sshd_config.
> > Users can now add other HostKeys to the sshd_config and the openssh
> > rc.once.d script will automatically generate the necessary keys.
> > I also added an option to show the randomart representation of the key
> > to the user.
> >
> > In the sshd_config, all SSH1 related settings were removed and some
> > important options were explicitly enabled.
> > TCPKeepAlive was disabled as it is easily spoofable and a better
> > alternative does exist (ClientAliveInterval).
> > The sandbox mechanism (using seccomp) is used, if available.
> >
>
> I've played with this a bit, but unfortunately I didn't have the time to
> push this forward. And today is my last day before my summer vacation. I
> won't even read the mailing list for the next weeks.
> I've attached my current version of /etc/rc.once.d/openssh. Please take a
> look if that's ok for you too.

Forgot the attachment...

Michael

--
Pengutronix e.K. | |
Industrial Linux Solutions | http://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
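
The HostKey handling described in the quoted commit message, sketched as an added example; it is not code from this thread and not the attached /etc/rc.once.d/openssh script. It assumes key files follow the conventional ssh_host_<type>_key naming, and the function names and the KEYGEN and SHOW_RANDOMART variables are hypothetical.

```shell
#!/bin/sh
# Added example: not the ptxdist rc.once.d script.

# Print "<type> <path>" for each active HostKey directive in an sshd_config.
# Keywords are case-insensitive; commented-out directives are ignored.
# Assumption: the "HostKey <path>" form with whitespace, not "HostKey=<path>".
list_hostkeys() {
    awk '
        tolower($1) == "hostkey" && $2 != "" {
            n = split($2, parts, "/")
            type = parts[n]
            # Derive the type from the conventional ssh_host_<type>_key name.
            if (type ~ /^ssh_host_[a-z0-9]+_key$/) {
                sub(/^ssh_host_/, "", type)
                sub(/_key$/, "", type)
            } else {
                type = "unknown"
            }
            print type, $2
        }
    ' "$1"
}

# Create every listed key that is missing or empty; existing keys are kept.
# KEYGEN and SHOW_RANDOMART are hypothetical knobs for this example.
generate_missing_hostkeys() {
    while read -r type path; do
        [ -n "$path" ] || continue
        [ -s "$path" ] && continue
        case "$type" in
            rsa|ecdsa|ed25519) ;;
            *) echo "skipping $path: cannot derive key type" >&2; continue ;;
        esac
        ${KEYGEN:-ssh-keygen} -q -t "$type" -N "" -f "$path" || return 1
        if [ -n "${SHOW_RANDOMART:-}" ]; then
            # -l -v prints the fingerprint together with its randomart image
            ${KEYGEN:-ssh-keygen} -l -v -f "$path.pub"
        fi
    done <<EOF
$(list_hostkeys "$1")
EOF
}
```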