1 |
On 04/01/2014 12:24, Gevisz wrote: |
2 |
> |
3 |
> After today's update of the world, emerge printed the following message: |
4 |
> |
5 |
> * Messages for package net-misc/openssh-6.4_p1-r1: |
6 |
> * dev-libs/openssl was built with 'bindist' - disabling ecdsa support |
7 |
> * Remember to merge your config files in /etc/ssh/ and then |
8 |
> * reload sshd: '/etc/init.d/sshd reload'. |
9 |
> |
10 |
> That was quite a surprise for me, as I never installed (open)ssh |
11 |
> and it is not in my world. |
12 |
> |
13 |
> After the following query: |
14 |
> |
15 |
> # equery depends --indirect openssh |
16 |
> |
17 |
> I have got the following: |
18 |
> |
19 |
> * These packages depend on openssh: |
20 |
> gnome-base/gvfs-1.16.4 (net-misc/openssh) |
21 |
> app-cdr/brasero-3.8.0 (gnome-base/gvfs) |
22 |
> media-gfx/gthumb-3.2.4 (cdr ? >=app-cdr/brasero-3.2) |
23 |
> app-editors/gedit-3.8.3 (gnome-base/gvfs) |
24 |
> gnome-base/nautilus-3.8.2 (>=gnome-base/gvfs-1.14[gtk]) |
25 |
> app-cdr/brasero-3.8.0 (nautilus ? >=gnome-base/nautilus-2.91.90) |
26 |
> app-text/evince-3.8.3 (nautilus ? |
27 |
> >=gnome-base/nautilus-2.91.4[introspection?]) |
28 |
> gnome-extra/sushi-3.8.1 (>=app-text/evince-3.0[introspection]) |
29 |
> gnome-base/nautilus-3.8.2 (previewer ? >=gnome-extra/sushi-0.1.9) |
30 |
> gnome-extra/sushi-3.8.1 (>=gnome-base/nautilus-3.1.90) |
31 |
> media-gfx/gimp-2.8.6 (gnome ? gnome-base/gvfs) |
32 |
> app-doc/gimp-help-2.6.1 (>=media-gfx/gimp-2.4) media-gfx/dcraw-9.10 |
33 |
> (gimp ? media-gfx/gimp) media-gfx/gthumb-3.2.4 (!raw ? |
34 |
> media-gfx/dcraw) xfce-base/thunar-1.6.2 (dbus ? |
35 |
> >=gnome-base/gvfs-1.10.1) (udev ? |
36 |
> >=gnome-base/gvfs-1.10.1[udisks,udev]) (udev ? |
37 |
> >=gnome-base/gvfs-1.10.1[gdu,udev]) (xfce_plugins_trash ? |
38 |
> >=gnome-base/gvfs-1.10.1) xfce-base/xfdesktop-4.10.2 (thunar ? |
39 |
> >=xfce-base/thunar-1.6[dbus]) xfce-base/xfce4-meta-4.10 |
40 |
> (>=xfce-base/xfdesktop-4.10) virtual/ssh-0 (minimal ? |
41 |
> net-misc/openssh) (!minimal ? net-misc/openssh) |
42 |
> |
43 |
> Inspecting my /etc/conf.d and /etc/init.d directories, |
44 |
> I have found sshd files in both of them. |
45 |
> |
46 |
> So, my main question is as follows: |
47 |
> |
48 |
> Do I really need (open)sshd and, if no, how can I properly disable |
49 |
> (open)sshd in my Gentoo box? |
50 |
|
51 |
If you have gvfs, you will have openssh, presumably so you can access |
52 |
remote files over ssh. |
53 |
|
54 |
Why do you want to disable the daemon? Just don't run it. |
55 |
|
56 |
openssh is extremely useful for many reasons, you really don't want to |
57 |
not have it. The package has the client and daemons, just don;t run the |
58 |
sshd daemon |
59 |
|
60 |
> |
61 |
> I guess that one of the ways to disable (open)sshd is to make |
62 |
> /etc/init.d/sshd file unexacutable, but is it a clean way to do so? |
63 |
|
64 |
No, that's dumb. It gets reset every time openssh is updated. |
65 |
|
66 |
Just don't run it. It doesn't magically start by itself. If it's |
67 |
security you are worried about, there are 100s of packages much more |
68 |
troublesome, openssh is not something you should be worried about wrt |
69 |
security. Just don't run the daemon. |
70 |
|
71 |
> |
72 |
> May be, it is relevant to this question that, in the future, |
73 |
> I am going to employ the distributed compiling feature for |
74 |
> this and another Gentoo box on the same local network. |
75 |
|
76 |
Not relevant. distcc has it's own listening daemon and doesn't use ssh |
77 |
for file transfer |
78 |
|
79 |
> |
80 |
> The additional my question is as follows: |
81 |
> |
82 |
> What I am supposed to do in response to the "merge your config files |
83 |
> in /etc/ssh/" message above? |
84 |
|
85 |
etc-update or conf-update or similar |
86 |
|
87 |
The ebuild has a dumbass elog() statement in it which you don't really |
88 |
need to be there, as you should be running conf-update anyway after |
89 |
every emerge right? |
90 |
|
91 |
> |
92 |
> Thank you. |
93 |
> |
94 |
> |
95 |
> |
96 |
> |
97 |
> |
98 |
|
99 |
|
100 |
-- |
101 |
Alan McKinnon |
102 |
alan.mckinnon@×××××.com |