On Sat, 04 Jan 2014 17:15:22 +0200 Alan McKinnon <alan.mckin...@gmail.com> wrote:
> On 04/01/2014 15:57, Gevisz wrote:
> > On Sat, 04 Jan 2014 12:49:42 +0200
> > Alan McKinnon <alan.mckin...@gmail.com> wrote:
> >
> >> On 04/01/2014 12:24, Gevisz wrote:
> >>>
> >>> After today's update of the world, emerge printed the following
> >>> message:
> >>>
> >>> * Messages for package net-misc/openssh-6.4_p1-r1:
> >>> * dev-libs/openssl was built with 'bindist' - disabling ecdsa
> >>> support
> >>> * Remember to merge your config files in /etc/ssh/ and then
> >>> * reload sshd: '/etc/init.d/sshd reload'.
> >>>
> >>> That was quite a surprise for me, as I never installed (open)ssh
> >>> and it is not in my world.
> >>>
> >>> After the following query:
> >>>
> >>> # equery depends --indirect openssh
> >>>
> >>> I have got the following:
> >>>
> >>> * These packages depend on openssh:
> >>> gnome-base/gvfs-1.16.4 (net-misc/openssh)
> >>> app-cdr/brasero-3.8.0 (gnome-base/gvfs)
> >>> media-gfx/gthumb-3.2.4 (cdr ? >=app-cdr/brasero-3.2)
> >>> app-editors/gedit-3.8.3 (gnome-base/gvfs)
> >>> gnome-base/nautilus-3.8.2 (>=gnome-base/gvfs-1.14[gtk])
> >>> app-cdr/brasero-3.8.0 (nautilus ? >=gnome-base/nautilus-2.91.90)
> >>> app-text/evince-3.8.3 (nautilus ?
> >>> >=gnome-base/nautilus-2.91.4[introspection?])
> >>> gnome-extra/sushi-3.8.1 (>=app-text/evince-3.0[introspection])
> >>> gnome-base/nautilus-3.8.2 (previewer ?
> >>> >=gnome-extra/sushi-0.1.9) gnome-extra/sushi-3.8.1
> >>> >(>=gnome-base/nautilus-3.1.90)
> >>> media-gfx/gimp-2.8.6 (gnome ? gnome-base/gvfs)
> >>> app-doc/gimp-help-2.6.1 (>=media-gfx/gimp-2.4)
> >>> media-gfx/dcraw-9.10 (gimp ? media-gfx/gimp)
> >>> media-gfx/gthumb-3.2.4 (!raw ? media-gfx/dcraw)
> >>> xfce-base/thunar-1.6.2 (dbus ?
> >>> >=gnome-base/gvfs-1.10.1) (udev ?
> >>> >=gnome-base/gvfs-1.10.1[udisks,udev]) (udev ?
> >>> >=gnome-base/gvfs-1.10.1[gdu,udev]) (xfce_plugins_trash ?
> >>> >=gnome-base/gvfs-1.10.1) xfce-base/xfdesktop-4.10.2 (thunar ?
> >>> >=xfce-base/thunar-1.6[dbus]) xfce-base/xfce4-meta-4.10
> >>> (>=xfce-base/xfdesktop-4.10) virtual/ssh-0 (minimal ?
> >>> net-misc/openssh) (!minimal ? net-misc/openssh)
> >>>
> >>> Inspecting my /etc/conf.d and /etc/init.d directories,
> >>> I have found sshd files in both of them.
> >>>
> >>> So, my main question is as follows:
> >>>
> >>> Do I really need (open)sshd and, if not, how can I properly disable
> >>> (open)sshd in my Gentoo box?
> >>
> >> If you have gvfs, you will have openssh, presumably so you can
> >> access remote files over ssh.
> >>
> >> Why do you want to disable the daemon? Just don't run it.
> >
> > As I have just found out by running "rc-update show", sshd does not
> > run.
> > So, in this respect everything is ok, thank you. :)
> >
> >> openssh is extremely useful for many reasons, you really don't
> >> want to not have it. The package has the client and daemons, just
> >> don't run the sshd daemon
> >>
> >>>
> >>> I guess that one of the ways to disable (open)sshd is to make
> >>> /etc/init.d/sshd file unexecutable, but is it a clean way to do
> >>> so?
> >>
> >> No, that's dumb. It gets reset every time openssh is updated.
> >>
> >> Just don't run it. It doesn't magically start by itself. If it's
> >> security you are worried about, there are 100s of packages much
> >> more troublesome, openssh is not something you should be worried
> >> about wrt security. Just don't run the daemon.
> >
> > Yes, I was worried because of security reasons.
> >
> >>> Maybe it is relevant to this question that, in the future,
> >>> I am going to employ the distributed compiling feature for
> >>> this and another Gentoo box on the same local network.
> >>
> >> Not relevant. distcc has its own listening daemon and doesn't
> >> use ssh for file transfer
> >
> > Ok, thank you.
> >
> >>> My additional question is as follows:
> >>>
> >>> What am I supposed to do in response to the "merge your config
> >>> files in /etc/ssh/" message above?
> >>
> >> etc-update or conf-update or similar
> >
> > I was afraid to run etc-update as man says it will replace
> > everything automatically. However, I ran dispatch-conf and it does
> > not see any problems at /etc/ssh, which has only the following
> > three files: moduli, ssh_config, sshd_config (though I have
> > added /etc/ssh to CONFIG_PROTECT_MASK).
> >
> > Actually, I also do not see any problems with this and do not
> > understand how I can "merge" them.
> >
> > Why on Earth have I got that "merge your config files
> > in /etc/ssh/" message from net-misc/openssh-6.4_p1-r1, then?
> >
> >> The ebuild has a dumbass elog() statement in it which you don't
> >> really need to be there, as you should be running conf-update
> >> anyway after every emerge right?
> >
> > Till now, I have always updated my configs manually using gvimdiff
> > and knew nothing about the conf-update, etc-update or dispatch-conf
> > tools. conf-update has not even been installed on my system.
> > Do you think I should try it?
>
>
> All the questions you are asking are basic Gentoo questions, answered
> in the docs. Gentoo provides these tools such as etc-update and
> rc-update to make your life easier. You should familiarize yourself
> with them:
>
> http://www.gentoo.org/doc/en/handbook/
> https://wiki.gentoo.org/wiki/Project:Documentation/Overview
>
>
>
> As for that elog message at the end of the merge, like I already said
> it's a stupid dumbass message that could be much more useful but
> isn't. From the ebuild:
>
> pkg_postinst() {
> ...
> ewarn "Remember to merge your config files in /etc/ssh/ and then"
> ewarn "reload sshd: '/etc/init.d/sshd reload'."
> ...
> }
>
> So it always gets printed blindly, there's no check to see if it's
> actually needed or not, and it's very badly worded.

Thank you, now it is clear.

> You should use one of the update tools in portage, they make life so
> much easier. There's no sensible reason to fiddle with configs in vim
> when an automated tool is there and can do all the heavy lifting for
> you
>
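
Added example (not part of the original thread, and not code from the openssh ebuild or from Portage): the two checks discussed above, written as shell functions. It assumes Portage's `._cfgNNNN_<name>` naming for pending updates to protected config files and the `service | runlevels` layout printed by `rc-update show`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: decide whether the "merge your config files" warning
# actually applies, and whether sshd is assigned to any runlevel.

# List pending config updates under a directory (default /etc/ssh).
# Assumption: Portage stores a new version of a protected file next to
# the live one as ._cfgNNNN_<name> (NNNN = four digits).
pending_cfg() {
    dir=${1:-/etc/ssh}
    [ -d "$dir" ] || return 2
    find "$dir" -type f -name '._cfg[0-9][0-9][0-9][0-9]_*' 2>/dev/null | sort
}

# Succeeds (exit 0) only if at least one pending update exists.
needs_merge() {
    [ -n "$(pending_cfg "$1")" ]
}

# $1: text in the format of `rc-update show` ("service | runlevels").
# Succeeds only if an sshd row names at least one runlevel.
sshd_enabled() {
    printf '%s\n' "$1" | awk -F'|' '
        $1 ~ /^[ \t]*sshd[ \t]*$/ && $2 ~ /[a-z]/ { found = 1 }
        END { exit !found }'
}

# Optional report against the live system: sh thisfile --report
if [ "${1:-}" = "--report" ]; then
    if needs_merge /etc/ssh; then
        echo "pending updates in /etc/ssh:"
        pending_cfg /etc/ssh
    else
        echo "nothing to merge in /etc/ssh"
    fi
    if sshd_enabled "$(rc-update show 2>/dev/null)"; then
        echo "sshd is assigned to a runlevel"
    else
        echo "sshd is not assigned to any runlevel"
    fi
fi
```

Paths listed in CONFIG_PROTECT_MASK are overwritten in place during a merge, so no `._cfg` files are created for them and the update tools find nothing to merge there.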