From owner-freebsd-arch  Sat Sep  2 16: 3:59 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from ns1.sunesi.net (ns1.sunesi.net [196.15.192.194])
	by hub.freebsd.org (Postfix) with ESMTP
	id D62DE37B42C; Sat,  2 Sep 2000 16:03:54 -0700 (PDT)
Received: from nbm by ns1.sunesi.net with local (Exim 3.03 #1)
	id 13VMKD-000Amj-00; Sun, 03 Sep 2000 01:03:49 +0200
Date: Sun, 3 Sep 2000 01:03:49 +0200
From: Neil Blakey-Milner <nbm@mithrandr.moria.org>
To: Brian Somers <brian@Awfulhak.org>
Cc: Kris Kennaway <kris@FreeBSD.org>,
	"Jacques A. Vidrine" <n@nectar.com>,
	Poul-Henning Kamp <phk@critter.freebsd.dk>,
	Dan Nelson <dnelson@emsphone.com>, sthaug@nethelp.no,
	ume@FreeBSD.org, arch@FreeBSD.org
Subject: Re: setuid ssh should die
Message-ID: <20000903010349.A41415@mithrandr.moria.org>
References: <brian@Awfulhak.org> <200009022257.e82MvK775931@hak.lan.Awfulhak.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
In-Reply-To: <200009022257.e82MvK775931@hak.lan.Awfulhak.org>; from brian@Awfulhak.org on Sat, Sep 02, 2000 at 11:57:20PM +0100
Organization: Sunesi Clinical Systems
X-Operating-System: FreeBSD 3.3-RELEASE i386
X-URL: http://rucus.ru.ac.za/~nbm/
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sat 2000-09-02 (23:57), Brian Somers wrote:
> > > On Sat, 2 Sep 2000, Brian Somers wrote:
> > > 
> > > > What do people reckon then (-arch cc'd) ?  I'll add
> > > > 
> > > > #ENABLE_SUIDSSH=	true
> > > > 
> > > > to etc/defaults/make.conf then mention it in ssh_config and make the 
> > > > adjustment to the ssh build so that it defaults to *not* being suid.
> > > 
> > > I have no problems making ssh non-suid by default since most people dont
> > > use RhostsRSAAuthentication.
> > > 
> > > Since I have ssh changes in the works please send me the patches and I'll
> > > apply them after the upgrade. Please add information to the manpage on how
> > > to fix it, and a helpful error telling them what to do when the user tries
> > > to use it.
> > 
> > That's no problem, except for the ``helpful error'' bit.  I don't 
> > think ssh should attempt to interpret the failure to bind a socket.  
> > The perror() should be sufficient in my book.
> 
> Wait... I'm missing something here.  It seems that ssh will exec rsh 
> when FallBackToRsh is enabled.  It therefore doesn't need root for 
> anything I know of.
> 
> Can anybody enlighten me ?

RhostsRSAAuthentication is for .rhosts-like authentication, except that
there is authentication of the host.  You put the host key in
/etc/known_hosts, and the hostname in /etc/shosts, and when someone
claims to be that host, you compare to the public key in known_hosts,
and if they match, you let their authentication succeed.  Of not,
obviously, it kvetches.

Neil
-- 
Neil Blakey-Milner
Sunesi Clinical Systems
nbm@mithrandr.moria.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message