Hello, First, my apologies: It's -practically- sure this ML is not the good place to, but I don't find better for now. I jumped from an OS to an other since few days. On the new one, openssh comes in a much newer version (good thing): 7.6p1 sshd lets me know that there are two depreciated options: - KeyRegenerationInterval - UsePrivilegeSeparation I search for a place where I can find information about deprecated options and how to manage it. The goal is to know if I need to replace or just erase these options. I want to stay close to the art's state and have a good understanding of changes. I have setted sshd with a guideline now outdated : https://www.ssi.gouv.fr/en/guide/openssh-secure-use-recommendations Where I searched: man sshd and sshd_config https://www.openssh.com/releasenotes.html UsePrivilegeSeparation = 12 occurences - not usefull for me KeyRegenerationInterval = 0 ? https://www.openssh.com/security.html https://www.openssh.com/manual.html duckduckgo is not really my friend this time? Please, could somebody point me a path ? Best regards and thanks for your amazing work. -- benoist -- benoist
On Fri, Feb 23, 2018 at 11:46:31AM +0100, mlrx wrote:> I jumped from an OS to an other since few days. On the new one, > openssh comes in a much newer version (good thing): 7.6p1 > sshd lets me know that there are two depreciated options: > - KeyRegenerationInterval > - UsePrivilegeSeparation > > I search for a place where I can find information about deprecated > options and how to manage it.I can't give you a general answer other than reading git history, but regarding your specific options: * KeyRegenerationInterval was specific to SSH protocol 1, which you almost certainly weren't using and in any case is no longer supported in recent versions of OpenSSH. * sshd now always behaves as if "UsePrivilegeSeparation sandbox" had been set, and this is no longer configurable. In both cases, you should just remove the options from sshd_config.5. -- Colin Watson [cjwatson at debian.org]
Le 23/02/2018 ? 12:42, Colin Watson a ?crit?:> On Fri, Feb 23, 2018 at 11:46:31AM +0100, mlrx wrote: >> I jumped from an OS to an other since few days. On the new one, >> openssh comes in a much newer version (good thing): 7.6p1 >> sshd lets me know that there are two depreciated options: >> - KeyRegenerationInterval >> - UsePrivilegeSeparation >> >> I search for a place where I can find information about deprecated >> options and how to manage it. > > I can't give you a general answer other than reading git history, but > regarding your specific options: > > * KeyRegenerationInterval was specific to SSH protocol 1, which you > almost certainly weren't using and in any case is no longer supported > in recent versions of OpenSSH. > * sshd now always behaves as if "UsePrivilegeSeparation sandbox" had > been set, and this is no longer configurable. > > In both cases, you should just remove the options from sshd_config.5.Hello, Thank you for your fast answer. May I infer that when an option is deprecated it can simply be deleted and consider that it is a working rule of the dev team (and therefore adopt this mode of operation for the future)? Regards, -- benoist -- benoist