On 04/01/2014 15:57, Gevisz wrote:
> On Sat, 04 Jan 2014 12:49:42 +0200
> Alan McKinnon <alan.mckin...@gmail.com> wrote:
> 
>> On 04/01/2014 12:24, Gevisz wrote:
>>>
>>> After today's update of the world, emerge printed the following
>>> message:
>>>
>>> * Messages for package net-misc/openssh-6.4_p1-r1:
>>> * dev-libs/openssl was built with 'bindist' - disabling ecdsa
>>> support
>>> * Remember to merge your config files in /etc/ssh/ and then
>>> * reload sshd: '/etc/init.d/sshd reload'.
>>>
>>> That was quite a surprise for me, as I never installed (open)ssh
>>> and it is not in my world.
>>>
>>> After the following query:
>>>
>>> # equery depends --indirect openssh
>>>
>>> I have got the following:
>>>
>>>  * These packages depend on openssh:
>>> gnome-base/gvfs-1.16.4 (net-misc/openssh)
>>>  app-cdr/brasero-3.8.0 (gnome-base/gvfs)
>>>   media-gfx/gthumb-3.2.4 (cdr ? >=app-cdr/brasero-3.2)
>>>  app-editors/gedit-3.8.3 (gnome-base/gvfs)
>>>  gnome-base/nautilus-3.8.2 (>=gnome-base/gvfs-1.14[gtk])
>>>   app-cdr/brasero-3.8.0 (nautilus ? >=gnome-base/nautilus-2.91.90)
>>>   app-text/evince-3.8.3 (nautilus ?
>>>    >=gnome-base/nautilus-2.91.4[introspection?])
>>>    gnome-extra/sushi-3.8.1 (>=app-text/evince-3.0[introspection])
>>>    gnome-base/nautilus-3.8.2 (previewer ? >=gnome-extra/sushi-0.1.9)
>>>    gnome-extra/sushi-3.8.1 (>=gnome-base/nautilus-3.1.90)
>>>    media-gfx/gimp-2.8.6 (gnome ? gnome-base/gvfs)
>>>    app-doc/gimp-help-2.6.1 (>=media-gfx/gimp-2.4)
>>> media-gfx/dcraw-9.10 (gimp ? media-gfx/gimp) media-gfx/gthumb-3.2.4
>>> (!raw ? media-gfx/dcraw) xfce-base/thunar-1.6.2 (dbus ?
>>>    >=gnome-base/gvfs-1.10.1) (udev ?
>>>    >=gnome-base/gvfs-1.10.1[udisks,udev]) (udev ?
>>>    >=gnome-base/gvfs-1.10.1[gdu,udev]) (xfce_plugins_trash ?
>>>    >=gnome-base/gvfs-1.10.1) xfce-base/xfdesktop-4.10.2 (thunar ?
>>>    >=xfce-base/thunar-1.6[dbus]) xfce-base/xfce4-meta-4.10
>>>    (>=xfce-base/xfdesktop-4.10) virtual/ssh-0 (minimal ?
>>>    net-misc/openssh) (!minimal ? net-misc/openssh)
>>>
>>> Inspecting my /etc/conf.d and /etc/init.d directories,
>>> I have found sshd files in both of them.
>>>
>>> So, my main question is as follows:
>>>
>>> Do I really need (open)sshd and, if no, how can I properly disable
>>> (open)sshd in my Gentoo box?
>>
>> If you have gvfs, you will have openssh, presumably so you can access
>> remote files over ssh.
>>
>> Why do you want to disable the daemon? Just don't run it.
> 
> As I have just found out by running "rc-update show", sshd does not
> run.
> So, in this respect everything is ok, thank you. :) 
>  
>> openssh is extremely useful for many reasons, you really don't want to
>> not have it. The package has the client and daemons, just don't run
>> the sshd daemon
>>
>>>
>>> I guess that one of the ways to disable (open)sshd is to make
>>> /etc/init.d/sshd file unexecutable, but is it a clean way to do so?
>>
>> No, that's dumb. It gets reset every time openssh is updated.
>>
>> Just don't run it. It doesn't magically start by itself. If it's
>> security you are worried about, there are 100s of packages much more
>> troublesome, openssh is not something you should be worried about wrt
>> security. Just don't run the daemon.
> 
> Yes, I was worried because of the security reasons. 
>  
>>> May be, it is relevant to this question that, in the future,
>>> I am going to employ the distributed compiling feature for
>>> this and another Gentoo box on the same local network.
>>
>> Not relevant. distcc has its own listening daemon and doesn't
>> use ssh for file transfer
> 
> Ok, thank you.
> 
>>> My additional question is as follows:
>>>
>>> What I am supposed to do in response to the "merge your config files
>>> in /etc/ssh/" message above?
>>
>> etc-update or conf-update or similar
> 
> I was afraid to run etc-update as man says it will replace everything
> automatically. However, I run dispatch-conf and it does not see any
> problems at /etc/ssh, which have only the following three files:
> moduli, ssh_config, sshd_config (though I have added /etc/ssh to
> CONFIG_PROTECT_MASK).
> 
> Actually, I also do not see any problems with this and do not understand
> how I can "merge" them.
> 
> Why, on Earth, I have got that "merge your config files in /etc/ssh/"
> message from net-misc/openssh-6.4_p1-r1, then?  
>  
>> The ebuild has a dumbass elog() statement in it which you don't really
>> need to be there, as you should be running conf-update anyway after
>> every emerge right?
> 
> Till now, I have always updated my configs manually using gvimdiff and
> knew nothing about the conf-update, etc-update or dispatch-conf tools.
> conf-update has not even been installed on my system. Do you think
> I should try it?


All the questions you are asking are basic Gentoo questions, answered in
the docs. Gentoo provides these tools such as etc-update and rc-update
to make your life easier. You should familiarize yourself with them:

http://www.gentoo.org/doc/en/handbook/
https://wiki.gentoo.org/wiki/Project:Documentation/Overview



As for that elog message at the end of the merge, like I already said
it's a stupid dumbass message that could be much more useful but isn't.
From the ebuild:

pkg_postinst() {
   ...
   ewarn "Remember to merge your config files in /etc/ssh/ and then"
   ewarn "reload sshd: '/etc/init.d/sshd reload'."
   ...
}

So it always gets printed blindly, there's no check to see if it's
actually needed or not, and it's very badly worded.

You should use one of the update tools in portage, they make life so
much easier. There's no sensible reason to fiddle with configs in vim
when an automated tool is there and can do all the heavy lifting for you.

-- 
Alan McKinnon
alan.mckin...@gmail.com
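
The two checks this thread turns on (is sshd enabled in any runlevel, and is there actually anything to merge in /etc/ssh), as an added example that is not part of the original message or of the openssh ebuild. It assumes OpenRC's /etc/runlevels/<level>/<service> symlink layout and Portage's ._cfgNNNN_<name> naming for pending protected config files; the function names and the optional root argument are hypothetical, the latter so the checks can be pointed at a scratch tree.

```shell
#!/bin/sh
# Added example: report whether sshd is enabled under OpenRC and whether
# Portage left pending config updates in /etc/ssh.

# List pending Portage config updates (._cfgNNNN_<name>) under a directory.
pending_cfg_updates() {
    dir=$1
    [ -d "$dir" ] || return 0
    find "$dir" -type f -name '._cfg[0-9][0-9][0-9][0-9]_*' | sort
}

# List the OpenRC runlevels in which a service is enabled.
# $1 = service name, $2 = optional alternate root (assumption, for testing).
service_runlevels() {
    svc=$1
    root=${2:-}
    for link in "$root"/etc/runlevels/*/"$svc"; do
        # -L also catches symlinks whose target is missing.
        [ -e "$link" ] || [ -L "$link" ] || continue
        basename "$(dirname "$link")"
    done
}

# Two-line summary: runlevel status of sshd, count of files left to merge.
audit_sshd() {
    root=${1:-}
    levels=$(service_runlevels sshd "$root" | tr '\n' ' ')
    pending=$(pending_cfg_updates "$root/etc/ssh" | wc -l | tr -d ' ')
    if [ -n "$levels" ]; then
        echo "sshd enabled in: ${levels% }"
    else
        echo "sshd not enabled in any runlevel"
    fi
    echo "pending config updates in /etc/ssh: $pending"
}

# With no argument this inspects the live system.
audit_sshd "${1:-}"
```

A count of 0 means the ebuild's "merge your config files" message had nothing behind it; a non-zero count is what dispatch-conf or etc-update would offer to merge.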

