This is the mail archive of the
mailing list for the Cygwin project.
Re: SSHD installation defaults / security
On Mon, 11 Oct 2004, Corinna Vinschen wrote:
> On Oct 11 13:29, Jochen Wezel wrote:
> > Hi!
> > I've installed today the current release of cygwin (1.5.11-1) with
> > OpenSSH package.
> > There are 2 issues:
> > 1. This package (or at least the ssh-host-config script) depends on
> > cygserver
> Neither the package nor ssh-host-config depend on cygserver. Dunno how
> you get the idea. Do you mean cygrunsrv? Yes, the ssh-host-config
> script depends on it *iff* you answer the question to install sshd as a
> I'm not sure if the package should require cygrunsrv, though. The
> /usr/share/doc/Cygwin/openssh.README file mentions that cygrunsrv is
> required to install sshd as service on NT systems.
Well, in the spirit of CGF's comment about tetex-x11 requiring X because
of xdvi (see <http://cygwin.com/ml/cygwin-apps/2004-10/msg00163.html>),
perhaps openssh *should* require cygrunsrv.
> > 2. After installation, the /etc/sshd_config file allows SSH protocol 1
> > by default. Since this protocol 1 has a coneceptual security hole, it
> > should not be available after standard setup. If somebody requires it,
> > he had to manually configure the sshd_config. That's why I suggest to
> > change that file to:
> > Port 22
> > Protocol 2 #,1 # <-- activate protocol version 1 here, if
> > you really require it
> > #ListenAddress 0.0.0.0
> > #ListenAddress ::
> > Please can the developers do these changes?
> The above installation of /etc/sshd_config is, except for a small Cygwin
> specific tweak, the same sshd_config file as you get it when building
> and installing OpenSSH from scratch. There's no reason to change that
> unless the core developers of OpenSSH decide to install it differently.
IOW, Jochen, take it up with the upstream openssh team...
|\ _,,,---,,_ email@example.com
ZZZzz /,`.-'`' -. ;-;;,_ firstname.lastname@example.org
|,4- ) )-,_. ,\ ( `'-' Igor Pechtchanski, Ph.D.
'---''(_/--' `-'\_) fL a.k.a JaguaR-R-R-r-r-r-.-.-. Meow!
"Happiness lies in being privileged to work hard for long hours in doing
whatever you think is worth doing." -- Dr. Jubal Harshaw
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html