From: "Jochen Wezel"
Subject: SSHD installation defaults / security
Date: Mon, 11 Oct 2004 13:29:10 +0200
Delivered-To: mailing list cygwin AT cygwin DOT com
Message-ID: <001801c4af85$87bb3280$3300a8c0@heroldy>

Hi!

Today I installed the current release of Cygwin (1.5.11-1) with the OpenSSH package. There are 2 issues:

1. This package (or at least the ssh-host-config script) depends on cygserver, which doesn't get installed automatically. Could somebody please change this dependency so that cygserver is selected automatically if OpenSSH has been selected in the setup wizard?

2. After installation, the /etc/sshd_config file allows SSH protocol 1 by default. Since protocol 1 has a conceptual security hole, it should not be available after a standard setup. If somebody requires it, he would have to configure sshd_config manually. That's why I suggest changing that file to:

Port 22
Protocol 2 #,1 # <-- activate protocol version 1 here, if you really require it
#ListenAddress 0.0.0.0
#ListenAddress ::

Could the developers please make these changes?

Thanks!
Jochen
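
An added example, not part of the original post or of the Cygwin or OpenSSH packages: a shell check for whether an sshd_config leaves protocol 1 enabled, run against the edit suggested above and against a file with no active Protocol line. The function names, the DEFAULT_PROTOCOLS variable and the sample files are constructed for illustration; the "2,1" fallback and first-match-wins behaviour are assumptions about OpenSSH of this period.

```shell
# Added example: report which SSH protocol versions an sshd_config enables.
# Assumptions (not from the post): the first uncommented "Protocol" line wins,
# and DEFAULT_PROTOCOLS is what sshd falls back to when no such line exists.
DEFAULT_PROTOCOLS="${DEFAULT_PROTOCOLS:-2,1}"

# Print the effective protocol list for the config file in $1, e.g. "2" or "2,1".
effective_protocols() {
    awk -v def="$DEFAULT_PROTOCOLS" '
        { sub(/\r$/, "") }                  # tolerate CRLF files edited on Windows
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comment-only and blank lines
        tolower($1) == "protocol" {         # keyword match is case-insensitive
            val = $2
            sub(/#.*/, "", val)             # drop anything after a "#"
            print val; found = 1; exit
        }
        END { if (!found) print def }
    ' "$1"
}

# Return 0 (true) if protocol version 1 is enabled, 1 otherwise.
allows_protocol_1() {
    case ",$(effective_protocols "$1")," in
        *,1,*) return 0 ;;
        *)     return 1 ;;
    esac
}

# Constructed sample inputs: a file with no active Protocol line, and the
# file proposed in the post.
demo_dir=$(mktemp -d)
printf '#Port 22\n#Protocol 2,1\n' > "$demo_dir/no-protocol-line"
printf 'Port 22\nProtocol 2 #,1\n#ListenAddress 0.0.0.0\n' > "$demo_dir/proposed"
for f in no-protocol-line proposed; do
    if allows_protocol_1 "$demo_dir/$f"; then
        echo "$f: protocol 1 enabled ($(effective_protocols "$demo_dir/$f"))"
    else
        echo "$f: protocol 2 only"
    fi
done
rm -rf "$demo_dir"
```

Running it with DEFAULT_PROTOCOLS=2 in the environment models an sshd whose built-in default no longer includes protocol 1.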