Subject: Re: /usr/pkg/etc vs. /etc
To: NetBSD Packages Technical Discussion List <tech-pkg@netbsd.org>
From: Greg A. Woods <woods@most.weird.com>
List: tech-pkg
Date: 12/10/1998 23:08:26
[ On Thu, December 10, 1998 at 18:30:36 (-0800), Computo Ergo Checksum wrote: ]
> Subject: Re: /usr/pkg/etc vs. /etc
>
> * > SSH_CONF_DIR?= /usr/pkg/etc
>
> Shouldn't that be made into
>
> SSH_CONF_DIR?= ${LOCALBASE}/etc
>
> instead?
Well, yes, I suppose it should! ;-) Thanks!
> * NOTE: I do *NOT* want this patch applied to the NetBSD sources!
>
> Actually, a pretty strong case COULD be made for this one, I think...
Yes, one could argue for it, but only if you first make a rule that
$LOCALBASE/etc can *not* be shared, since any sharing of ssh_host_key et
al will cause grief and possibly open up a crevasse in SSH security.
It might be better to argue that only ssh_config and sshd_config should
be put in /etc or $LOCALBASE/etc, and the rest should be in /var/ssh
(with ssh_random_seed possibly in /var/run), but I didn't have much luck
getting that idea past the SSH maintainers.
In theory the host key pair shouldn't change over the lifetime of the
host, at least not without good reason to revoke them, and the argument
was made that /etc was safer and more stable than /var for this purpose.
(which I don't agree with, but....)
However I don't think there's any excuse for not keeping ssh_random_seed
in /var/run except for the fact that it would then be the only ssh
run-time file not in /etc....
--
Greg A. Woods
+1 416 218-0098 VE3TCP <gwoods@acm.org> <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>