From owner-freebsd-current Sat Feb 26 5:17:49 2000
Delivered-To: freebsd-current@freebsd.org
Received: from bg.sics.se (bg.sics.se [193.10.66.124])
	by hub.freebsd.org (Postfix) with ESMTP id 4E67337BBCF;
	Sat, 26 Feb 2000 05:17:44 -0800 (PST)
	(envelope-from bg@bg.sics.se)
Received: (from bg@localhost)
	by bg.sics.se (8.9.3/8.9.3) id OAA03973;
	Sat, 26 Feb 2000 14:18:00 +0100 (CET)
	(envelope-from bg)
To: Kris Kennaway
Cc: "Jordan K. Hubbard" , current@FreeBSD.ORG, markm@FreeBSD.ORG
Subject: Re: OpenSSH /etc patch
References:
From: Bjoern Groenvall
Date: 26 Feb 2000 14:17:59 +0100
In-Reply-To: Kris Kennaway's message of Sat, 26 Feb 2000 02:44:09 -0800 (PST)
Message-ID:
Lines: 44
X-Mailer: Red Gnus v0.52/Emacs 19.34
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Kris Kennaway writes:

> On Sat, 26 Feb 2000, Jordan K. Hubbard wrote:
>
> > > +# Generate SSH host key, if it doesnt exist. Both sshd and ssh need it
> > > +# so we do it unconditionally on sshd_enable.
> >
> > Are you sure ssh requires a host key? I could have sworn this was
> > entirely related to sshd and could thus be lumped into the same
> > "if sshd_enable=YES" clause.
>
> The code does not lie :-)
>
> From ssh.c:
>
>         /*
>          * If we successfully made the connection, load the host private key
>          * in case we will need it later for combined rsa-rhosts
>          * authentication. This must be done before releasing extra
>          * privileges, because the file is only readable by root.
>          */
>         if (ok) {
>                 host_private_key = RSA_new();
>                 if (load_private_key(HOST_KEY_FILE, "", host_private_key, NULL))
>                         host_private_key_loaded = 1;
>         }

Right, the code does not lie (if ssh is setuid root).

But, if the host key has not yet been created, then no host can have
the public key and thus rsa-rhosts authentication won't work anyways.

It is not required to run ssh-keygen to make ssh work. Sshd still
requires the host key to operate.

/Björn

--
  _     _                                           ,_______________.
Bjorn Gronvall (Björn Grönvall)                    /_______________/|
Swedish Institute of Computer Science              |               ||
PO Box 1263, S-164 29 Kista, Sweden                | Schroedingers ||
Email: bg@sics.se, Phone +46 -8 633 15 25          |      Cat      |/
Cellular +46 -70 768 06 35, Fax +46 -8 751 72 30   `---------------'

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
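
Review bot: the second added comment line, "so we do it unconditionally on sshd_enable", is ambiguous. It can be read as "regardless of sshd_enable" or as "whenever sshd_enable is set", so it should say which, for example "regardless of the sshd_enable setting". The first line's "Both sshd and ssh need it" is also stronger than the quoted ssh.c excerpt supports: that code loads the host key only "in case we will need it later for combined rsa-rhosts authentication" and continues when the load fails, so the comment should state that the client uses the key only for rsa-rhosts authentication. Minor: "doesnt" should be "doesn't".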