First, OpenSSH is great... but it can be REALLY hard to get it
properly configured. The problem is that there are MANY different
ways of authenticating (4 in ssh1, 2 in ssh2). Each can be
enabled/disabled in many different places (command line args, server
config, personal config, and other ways). Thus it can be really
confusing when the way you expect to authenticate doesn't happen.
This makes it really hard to properly configure.
For example, recently I was trying to get ssh1 RSAHostAuthentication
to work... I ended up running everything under a debugger only to find
out that things were now not working, but for a different reason
(because I was now running it on a non-privileged port to debug).
It sure would have been nice to see a warning message that it was
disabling RSAHostAuthentication because of a non-privileged port
instead of silently turning it off.
Yes, ssh -v is pretty helpful and gets some debugging about what's on
and off, but not enough. (Not this case, for example :-)
My modest proposal is that before enabling or disabling ANY protocol
ssh should log why (in a way seen by ssh -v).
(In addition to making deployment easier, this should enhance security
by making it obvious why something is enabled that you may not expect.)
I have two questions:
1. Do folks agree this is a good idea?
2. As a US citizen, would you take code contributed by me to
accomplish this task? I certainly don't want to jeopardize the code
base or break the (US) law about crypto code.
(I have a preliminary patch for the case I outlined, but what is
really called for is a comprehensive audit of where crypto methods are
turned on and off.)
-John Heidemann
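An added example, not from John Heidemann's post and not OpenSSH code: a small shell script that pulls the server-offered and client-attempted authentication methods out of protocol-2 `ssh -v` output and reports the methods the server offered that the client never tried. A method that shows up there is exactly the post's complaint in practice: it was turned off somewhere (client config, command line, missing privileges) without the client saying why. The transcript below is constructed for the example; the `debug1: Authentications that can continue:` and `debug1: Next authentication method:` lines are the real OpenSSH client messages, the rest is abridged. It covers only protocol 2; the protocol-1 RSAHostAuthentication case in the post no longer applies, since OpenSSH dropped protocol 1 entirely in the 7.x releases.

```shell
# Constructed sample of `ssh -v` output (protocol 2). The server offers
# publickey, password and hostbased; the client only ever tries publickey
# and password, so hostbased was silently disabled on the client side.
sample_debug_output() {
    cat <<'EOF'
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,hostbased
debug1: Next authentication method: publickey
debug1: Offering public key: /home/user/.ssh/id_ed25519 ED25519
debug1: Authentications that can continue: publickey,password,hostbased
debug1: Next authentication method: password
EOF
}

# Methods the server advertised in USERAUTH_FAILURE messages,
# deduplicated and sorted, one per line.
offered_methods() {
    sed -n 's/^debug1: Authentications that can continue: //p' \
        | tr ',' '\n' | sort -u
}

# Methods the client actually attempted, in the order it tried them.
tried_methods() {
    sed -n 's/^debug1: Next authentication method: //p'
}

# Methods the server offered but the client never attempted: the
# "enabled on one side, silently off on the other" cases. Reads the
# debug transcript from stdin. Plain POSIX sh, no process substitution.
offered_but_untried() {
    input=$(cat)
    offered=$(printf '%s\n' "$input" | offered_methods)
    tried=" $(printf '%s\n' "$input" | tried_methods | sort -u | tr '\n' ' ') "
    for m in $offered; do
        case "$tried" in
            *" $m "*) ;;                 # client tried it
            *) printf '%s\n' "$m" ;;     # offered, never attempted
        esac
    done
}

# Stand-alone run against the constructed transcript:
#   sample_debug_output | offered_but_untried
```

On a real connection the same check is `ssh -v -o BatchMode=yes user@host 2>&1 | offered_but_untried`; `ssh -v` writes its debug lines to stderr, hence the redirect. The script answers "what was on and off" for the server side; it still cannot tell you *why* the client skipped a method, which is the logging the post asks OpenSSH to add.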