Date: Thu, 13 Sep 2001 13:00:58 +1000
From: Greg Black <gjb@gbch.net>
To: Tony Wells <tony@camel.kdsi.net>
Cc: questions@FreeBSD.ORG
Subject: Re: Avoiding passwords with ssh under 4.3R
Message-ID: <nospam-1000350058.50298@mx.gbch.net>
In-Reply-To: <3B9F9263.71665CAA@camel.kdsi.net> of Wed, 12 Sep 2001 11:50:43 EST
References: <nospam-1000238233.80909@mx.gbch.net> <3B9F9263.71665CAA@camel.kdsi.net>

Message re-formatted in the accepted format.  Please don't just
stick comments on the top of a quoted message.

Tony Wells wrote:

| Greg Black wrote:
|
| > I have recently installed 4.3-RELEASE on a system which needs
| > ssh access to a couple 4.2-R boxes.  I copied the ssh_config and
| > sshd_config files from the 4.2 boxes to the new system.
| >
| > From the 4.2 boxes, I can ssh to any system without a password,
| > but from the 4.3 box I am prompted for a password on every
| > system, including the 4.3 box itself.
| >
| > The other anomaly is that root can ssh out to all hosts from the
| > 4.3 box without a password; the password requirement is limited
| > to non-root users.
| >
| > If anybody can tell me what I've missed in order to ssh out of
| > that 4.3 box as an ordinary user without having to type a
| > password, I'd be delighted.
|
| It sounds like you're looking for RSA/DSA based authentication, for
| version 1 and 2 respectively.  On your new box, you probably don't have
| a key installed for the user that the server you're ssh'ing to
| recognizes.

The thing is that it was /not/ looking for the authentication I
wanted unless it was run by root.  As was made clear in the
information above, it was nothing to do with keys.  The
following line did not appear in the debug log (it just went
straight to password authentication):

    Trying rhosts or /etc/hosts.equiv with RSA host authentication

| If you 'man ssh' there is a pretty clear explanation on how to get this
| going.

If that was true, I would not have asked the question.

Anyway, I have discovered why it did not work under 4.3-R -- for
some reason /usr/sbin/ssh is not setuid root as it is on the 4.2
boxes.

My real question then is: why was this change made, since it
appears to break ssh operation?  And, for extra points, is there
any reason why I should not restore the setuid bit on ssh?

Please address replies to me as well as the list, as I'm not
currently subscribed.
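
The two observations in the message above (the host-authentication debug line missing from the log, and the ssh client binary not being setuid root) can be checked together. This is an added example, not part of the original e-mail: the function names and the sample log lines are constructed, and the log is assumed to be the client's debug output saved to a file.

```shell
#!/bin/sh
# Added diagnostic sketch; function names are this example's own.

# Debug line the message reports as missing from the failing client's log.
HOSTAUTH_LINE='Trying rhosts or /etc/hosts.equiv with RSA host authentication'

# Constructed sample of a failing debug log: the line above never appears.
sample_failing_log() {
    printf '%s\n' 'debug: (constructed) connection established' \
                  'debug: (constructed) going straight to password authentication'
}

# "attempted" if the saved debug log ($1) shows host authentication being tried.
hostauth_attempted() {
    if grep -qF "$HOSTAUTH_LINE" "$1"; then echo attempted; else echo skipped; fi
}

# "setuid-root", "setuid-other" or "not-setuid" for the client binary ($1).
setuid_state() {
    if [ ! -u "$1" ]; then echo not-setuid; return; fi
    owner=$(ls -lnL "$1" | awk '{print $3}')   # numeric owner uid
    if [ "$owner" = 0 ]; then echo setuid-root; else echo setuid-other; fi
}

# Combine both observations: $1 = client binary, $2 = saved debug log.
diagnose() {
    auth=$(hostauth_attempted "$2")
    state=$(setuid_state "$1")
    case "$auth/$state" in
        skipped/not-setuid) echo "host auth skipped; client binary is not setuid" ;;
        skipped/*)          echo "host auth skipped although client is $state" ;;
        *)                  echo "host auth attempted; client is $state" ;;
    esac
}

# Run against real files when given two arguments.
if [ "$#" -eq 2 ]; then diagnose "$1" "$2"; fi
```

Comparing the output for an ordinary user's log with root's log on the same host separates a permissions cause from a configuration cause.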