bugzilla-daemon at mindrot.org
2014-Sep-16 14:05 UTC
[Bug 2277] New: config: add option to customize moduli file location
https://bugzilla.mindrot.org/show_bug.cgi?id=2277
Bug ID: 2277
Summary: config: add option to customize moduli file location
Product: Portable OpenSSH
Version: 6.6p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: alon.barlev at gmail.com
Created attachment 2475
--> https://bugzilla.mindrot.org/attachment.cgi?id=2475&action=edit
config-add-option-to-customize-moduli-file-location.patch
Currently all files can be customized via sshd_config, however, the
moduli file cannot.
Running sshd in unprivileged context requires customization of all
resources, especially when some distributions sets the moduli as world
unreadable.
---
I hope I got this right. I could use the copy of options within the
child process, but I preferred to use the rpc in order to pass all
parameters, maybe you want this the other way arround.
This continue the series of unprivilege helpful functionality bug#2081,
bug#2276.
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2014-Oct-07 14:04 UTC
[Bug 2277] config: add option to customize moduli file location
https://bugzilla.mindrot.org/show_bug.cgi?id=2277
Alon Bar-Lev <alon.barlev at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
URL| |https://github.com/openssh/
| |openssh-portable/pull/2
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2014-Oct-07 14:12 UTC
[Bug 2277] config: add option to customize moduli file location
https://bugzilla.mindrot.org/show_bug.cgi?id=2277
Alon Bar-Lev <alon.barlev at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #2475|0 |1
is obsolete| |
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2015-Mar-03 09:20 UTC
[Bug 2277] config: add option to customize moduli file location
https://bugzilla.mindrot.org/show_bug.cgi?id=2277 --- Comment #1 from Alon Bar-Lev <alon.barlev at gmail.com> --- I cannot rebase this patch easily due to the split of ssh api, the kex is not linked against sshd and there is no [trivial] way to pass options. I do not think the API as a library should access files in fixed locations, I suggest to consider either removing fixed location or adding ability to pass options to the api. Another option is to control the moduli file location via the environment. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2015-Mar-03 23:23 UTC
[Bug 2277] config: add option to customize moduli file location
https://bugzilla.mindrot.org/show_bug.cgi?id=2277
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
--- Comment #2 from Damien Miller <djm at mindrot.org> ---
(In reply to Alon Bar-Lev from comment #1)> I cannot rebase this patch easily due to the split of ssh api, the
> kex is not linked against sshd and there is no [trivial] way to pass
> options.
>
> I do not think the API as a library should access files in fixed
> locations, I suggest to consider either removing fixed location or
> adding ability to pass options to the api.
The API isn't close to stable yet, it's likely to change substantially
before we are ready to expose for non-internal use
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2015-Mar-04 06:58 UTC
[Bug 2277] config: add option to customize moduli file location
https://bugzilla.mindrot.org/show_bug.cgi?id=2277 --- Comment #3 from Alon Bar-Lev <alon.barlev at gmail.com> --- (In reply to Damien Miller from comment #2)> (In reply to Alon Bar-Lev from comment #1) > > I cannot rebase this patch easily due to the split of ssh api, the > > kex is not linked against sshd and there is no [trivial] way to pass > > options. > > > > I do not think the API as a library should access files in fixed > > locations, I suggest to consider either removing fixed location or > > adding ability to pass options to the api. > > The API isn't close to stable yet, it's likely to change > substantially before we are ready to expose for non-internal useI understand. Do you have any preferences of how to pass the file location into the kex module? For example, can we add options to ssh structure? -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2015-Mar-04 07:16 UTC
[Bug 2277] config: add option to customize moduli file location
https://bugzilla.mindrot.org/show_bug.cgi?id=2277 --- Comment #4 from Damien Miller <djm at mindrot.org> --- (In reply to Alon Bar-Lev from comment #3)> Do you have any preferences of how to pass the file location into > the kex module? For example, can we add options to ssh structure?Yes, something like that - ultimately we want to get rid of all global or file-static variables. Making it configurable will also help us write unit tests, so it's desirable for that too. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2022-Jul-01 04:42 UTC
[Bug 2277] config: add option to customize moduli file location
https://bugzilla.mindrot.org/show_bug.cgi?id=2277
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #5 from Damien Miller <djm at mindrot.org> ---
This was added in openssh-8.6
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2022-Oct-04 10:58 UTC
[Bug 2277] config: add option to customize moduli file location
https://bugzilla.mindrot.org/show_bug.cgi?id=2277
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #6 from Damien Miller <djm at mindrot.org> ---
Closing bugs from openssh-9.1 release cycle
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.