From owner-freebsd-security Thu Jun 3 11:12:51 1999 Delivered-To: freebsd-security@freebsd.org Received: from wrath.cs.utah.edu (wrath.cs.utah.edu [155.99.198.100]) by hub.freebsd.org (Postfix) with ESMTP id 7500D15293 for ; Thu, 3 Jun 1999 11:12:48 -0700 (PDT) (envelope-from danderse@cs.utah.edu) Received: from torrey.cs.utah.edu (torrey.cs.utah.edu [155.99.212.91]) by wrath.cs.utah.edu (8.8.8/8.8.8) with ESMTP id MAA28789; Thu, 3 Jun 1999 12:12:13 -0600 (MDT) Received: (from danderse@localhost) by torrey.cs.utah.edu (8.9.3/8.9.1) id MAA62390; Thu, 3 Jun 1999 12:12:13 -0600 (MDT) (envelope-from danderse@cs.utah.edu) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Date: Thu, 3 Jun 1999 12:12:13 -0600 (MDT) From: "David G. Andersen" To: Matthew Hunt Cc: "Jan B. Koum " , Bill Fumerola , Unknow User , freebsd-security@FreeBSD.ORG Subject: Re: SSH2 (in FreeBSD-Questions) In-Reply-To: Matthew Hunt's message of Thu, June 3 1999 <19990603110957.C59847@wopr.caltech.edu> References: <375690E3.4BC9BB94@tdnet.com.br> <19990603110213.B19566@best.com> <19990603110957.C59847@wopr.caltech.edu> X-Mailer: VM 6.43 under 20.4 "Emerald" XEmacs Lucid Message-ID: <14166.50513.861526.155312@torrey.cs.utah.edu> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org It's SUID so it can obtain the local host private key, for authentication to the remote machine. This is necessary if you use ssh with .rhosts/.shosts functionality. If you don't care about this functionality, then you don't need it to be suid. -Dave Lo and Behold, Matthew Hunt said: > On Thu, Jun 03, 1999 at 11:02:14AM -0700, Jan B. Koum wrote: > > > Ports will install ssh client suid, where I am 99% sure you don't > > need the client to be suid. I always do '--disable-suid-ssh' when rolling > > out new ssh. > > Why does it build SUID as shipped? What are the implications of > installing it otherwise? The port can certainly be changed, if the > Right Way is with --disable-suid-ssh. > > In any case, anyone can add --disable-suid-ssh to the CONFIGURE_ARGS > line of the port Makefile, and still derive the benefit of the login.conf > patches, pkg_delete, and so forth. > > It seems that the original poster isn't even willing to just apply > the appropriate patch from the port to solve his problem. I really > do not understand the confusion that is at work here. > > Matt > > -- > Matthew Hunt * Inertia is a property > http://www.pobox.com/~mph/ * of matter. > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > -- work: danderse@cs.utah.edu me: angio@pobox.com University of Utah http://www.angio.net/ Computer Science - Flux Research Group "What's footnote FIVE?" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message