From: ng0
Subject: Re: [PATCH 2/2] services: openssh: Remove deprecated 'RSAAuthentication' option.
Date: Sun, 19 Feb 2017 18:54:31 +0000
Message-ID: <20170219185431.zgn53ndcbpedrgo7@wasp>
In-Reply-To: <87k28n1hao.fsf@lassieur.org>
To: Clément Lassieur
Cc: guix-devel@gnu.org

On 17-02-18 19:32:15, Clément Lassieur wrote:
> Ricardo Wurmus writes:
>
> > Clément Lassieur writes:
> >
> >> * gnu/services/ssh.scm (openssh-config-file): Remove it.
> >> ()[rsa-authentication?]: Remove it.
> >> * doc/guix.texi (Networking Services): Remove it.
> >> ---
> >> doc/guix.texi | 5 -----
> >> gnu/services/ssh.scm | 5 -----
> >> 2 files changed, 10 deletions(-)
> >>
> >> diff --git a/doc/guix.texi b/doc/guix.texi
> >> index 22eef3a64..54d4bab89 100644
> >> --- a/doc/guix.texi
> >> +++ b/doc/guix.texi
> >> @@ -9151,11 +9151,6 @@ false, users have to use other authentication= method.
> >> Authorized public keys are stored in @file{~/.ssh/authorized_keys}.
> >> This is used only by protocol version 2.
> >>
> >> -@item @code{rsa-authentication?} (default: @code{#t})
> >> -When true, users may log in using pure RSA authentication. When fa= lse,
> >> -users have to use other means of authentication. This is used only= by
> >> -protocol 1.
> >> -
> >
> > Is it still possible to make SSH use protocol 1 or has this feature
> > disappeared? If it is still possible I think we should not remove this
> > option.
>
> Quote from https://www.openssh.com/releasenotes.html (about OpenSSH
> 7.4/7.4p1, which is the one we use):
>
> * This release removes server support for the SSH v.1 protocol.
>
> So I think it is not possible anymore.
>

As this discussion is around openssh service and you are moving
some pieces in there around:

To me it looks as if we currently have no way to make sure that
"Subsystem sftp /path/to/lib/ssh/sftp-server"
is enabled in the sshd_config (needed for sshfs to function), is
this correct?
It would be good to add the 3 or 4 lines needed for this option as
well, defaulting to #f.
I won't add this as I'd prefer to wait until you're done. If you
feel like this adds not much workload to the patchset, it would be
very much appreciated as an additional patch.
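
Review bot: In the doc/guix.texi hunk, the context line "This is used only by protocol version 2." stays in place directly above the removed @item. Given the OpenSSH 7.4 release note quoted in this thread (server support for SSH v.1 removed), that qualifier no longer distinguishes anything and could be dropped in the same patch. The log entries say only "Remove it" for each file and give no reason; citing the 7.4 release note in the commit message would answer the question raised in review. The diffstat also shows five lines removed from gnu/services/ssh.scm, so it is worth confirming that a configuration which still sets rsa-authentication? fails with a clear message.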
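
Added example, not part of the thread and not Guix's own code: a small check over generated sshd_config text for the two points raised above, a leftover 'RSAAuthentication' line and a missing "Subsystem sftp" entry. The function names and both sample configs are constructed for illustration, and only directives before the first Match block are examined (a simplification).

```python
# Options this thread treats as obsolete (protocol 1 only, per the patch).
DEPRECATED = {"rsaauthentication"}

def parse_sshd_config(text):
    """Yield (keyword, args, lineno) for directives before the first Match block.

    Keywords are compared case-insensitively; blank and '#' lines are skipped."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        keyword = parts[0].lower()
        if keyword == "match":
            return  # simplification: ignore conditional blocks
        yield keyword, parts[1:], lineno

def audit(text):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    sftp_command = None
    for keyword, args, lineno in parse_sshd_config(text):
        if keyword in DEPRECATED:
            findings.append(f"line {lineno}: deprecated option '{keyword}'")
        if keyword == "subsystem" and args[:1] == ["sftp"] and sftp_command is None:
            sftp_command = args[1:]
    if sftp_command is None:
        findings.append("no 'Subsystem sftp' directive (sshfs will not work)")
    elif not sftp_command:
        findings.append("'Subsystem sftp' has no command")
    return findings

# Constructed sample: old option still present, sftp subsystem commented out.
BEFORE = """\
# constructed sample, not a real generated file
Port 22
rsaauthentication yes
PubkeyAuthentication yes
#Subsystem sftp /path/to/lib/ssh/sftp-server
"""

# Constructed sample: option dropped, subsystem enabled (placeholder path).
AFTER = """\
Port 22
PubkeyAuthentication yes
Subsystem sftp /path/to/lib/ssh/sftp-server
"""

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(cfg))
```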