Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#45072 - [openssh] Add /etc/ssh/moduli to backup files
Attached to Project:
Arch Linux
Opened by Hermann Zahnweh (eigengrau) - Sunday, 24 May 2015, 19:10 GMT
Last edited by Gaetan Bisson (vesath) - Saturday, 04 July 2015, 03:29 GMT
Opened by Hermann Zahnweh (eigengrau) - Sunday, 24 May 2015, 19:10 GMT
Last edited by Gaetan Bisson (vesath) - Saturday, 04 July 2015, 03:29 GMT
|
DetailsDescription:
With the recent logjam vulnerability, generating site-specific parameters for the DH key exchange has become more desirable. Should /etc/ssh/moduli be added to the package’s backup files for it not to be clobbered upon package updates? Additional info: openssh 6.8p1-3 |
This task depends upon
Closed by Gaetan Bisson (vesath)
Saturday, 04 July 2015, 03:29 GMT
Reason for closing: Fixed
Additional comments about closing: openssh-6.9p1-1 in [core]
Saturday, 04 July 2015, 03:29 GMT
Reason for closing: Fixed
Additional comments about closing: openssh-6.9p1-1 in [core]
Comment by Gaetan Bisson (vesath) -
Monday, 25 May 2015, 16:51 GMT
A new openssh release should be released in the near future with changes to the moduli file. We obviously want all our users to benefit from those changes, even without merging this file manually. Besides, it is not really a configuration file, rather a "data" file so, although I definitely understand the need to change it right now, I do not believe the backup array is the answer. I would advise you to update your current moduli file as you see fit, knowing that the new version, when release, will override that file with fresh upstream values.