Skip site navigation (1)Skip section navigation (2) 
Date:      Thu,  3 Jun 1999 12:12:13 -0600 (MDT)
From:      "David G. Andersen" <danderse@cs.utah.edu>
To:        Matthew Hunt <mph@astro.caltech.edu>
Cc:        "Jan B. Koum " <jkb@best.com>, Bill Fumerola <billf@jade.chc-chimes.com>, Unknow User <kernel@tdnet.com.br>, freebsd-security@FreeBSD.ORG
Subject:   Re: SSH2 (in FreeBSD-Questions)
Message-ID:  <14166.50513.861526.155312@torrey.cs.utah.edu>
In-Reply-To: Matthew Hunt's message of Thu, June 3 1999 <19990603110957.C59847@wopr.caltech.edu>
References:  <375690E3.4BC9BB94@tdnet.com.br> <Pine.BSF.3.96.990603133742.8776C-100000@jade.chc-chimes.com> <19990603110213.B19566@best.com> <19990603110957.C59847@wopr.caltech.edu>
next in thread | previous in thread | raw e-mail | index | archive | help 

It's SUID so it can obtain the local host private key, for
authentication to the remote machine.  This is necessary if you use
ssh with .rhosts/.shosts functionality.

If you don't care about this functionality, then you don't need it to
be suid.

   -Dave

Lo and Behold, Matthew Hunt said:
> On Thu, Jun 03, 1999 at 11:02:14AM -0700, Jan B. Koum  wrote:
> 
> > 	Ports will install ssh client suid, where I am 99% sure you don't
> > need the client to be suid. I always do '--disable-suid-ssh' when rolling
> > out new ssh.
> 
> Why does it build SUID as shipped?  What are the implications of
> installing it otherwise?  The port can certainly be changed, if the
> Right Way is with --disable-suid-ssh.
> 
> In any case, anyone can add --disable-suid-ssh to the CONFIGURE_ARGS
> line of the port Makefile, and still derive the benefit of the login.conf
> patches, pkg_delete, and so forth.
> 
> It seems that the original poster isn't even willing to just apply
> the appropriate patch from the port to solve his problem.  I really
> do not understand the confusion that is at work here.
> 
> Matt
> 
> -- 
> Matthew Hunt <mph@astro.caltech.edu> * Inertia is a property
> http://www.pobox.com/~mph/           * of matter.
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 

-- 
work: danderse@cs.utah.edu                     me:  angio@pobox.com
      University of Utah                            http://www.angio.net/
      Computer Science - Flux Research Group   "What's footnote FIVE?"


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?14166.50513.861526.155312>