Date: Sat, 26 Feb 2000 15:55:37 -0800 (PST)
From: Kris Kennaway <kris@FreeBSD.org>
To: sthaug@nethelp.no
Cc: jkh@zippy.cdrom.com, current@FreeBSD.ORG, markm@FreeBSD.ORG
Subject: Re: OpenSSH /etc patch
Message-ID: <Pine.BSF.4.21.0002261550480.217-100000@freefall.freebsd.org>
In-Reply-To: <68686.951563042@verdi.nethelp.no>

On Sat, 26 Feb 2000 sthaug@nethelp.no wrote:
> > If you want to tinker with the file permissions, can't you deal with the
> > fact that the startup scripts will create a host key for you the first
> > time you boot with it installed?
>
> As long as there is an easy way of running ssh without any special privs,
> I'm happy.

ssh 'seemed to work' when not setuid. I could log in using RSA
authentication as well as password-based, but didn't try much else.

From /usr/src/crypto/openssh/OVERVIEW:

  - The client is suid root. It tries to temporarily give up this
    rights while reading the configuration data. The root
    privileges are only used to make the connection (from a
    privileged socket). Any extra privileges are dropped before
    calling ssh_login.

This comment doesn't seem to be completely accurate given what I earlier
posted from the code (it's also used for RSA-rhosts authentication), but
for most purposes you can safely remove the setuid flag.

Kris
----
"How many roads must a man walk down, before you call him a man?"
"Eight!"
"That was a rhetorical question!"
"Oh..then, seven!" -- Homer Simpson
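
The privilege handling that the quoted OVERVIEW text describes (give up root temporarily, regain it for the privileged socket, then drop it for good) looks roughly like this in C. This is an added example, not part of the original message and not OpenSSH's code; the function names priv_suspend, priv_resume and priv_drop_permanently are hypothetical.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Temporarily give up privileges: the effective uid becomes the real uid.
 * The saved uid still holds the original value, so this is reversible. */
int priv_suspend(uid_t *saved_euid)
{
    *saved_euid = geteuid();
    return seteuid(getuid());
}

/* Regain the effective uid recorded by priv_suspend(). */
int priv_resume(uid_t saved_euid)
{
    return seteuid(saved_euid);
}

/* Permanently drop to the real uid/gid and verify it cannot be undone.
 * Call with privileges resumed: setuid() is only guaranteed to reset the
 * real, effective and saved uids when the effective uid is root. */
int priv_drop_permanently(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    /* If root can still be regained, the saved uid survived: fail closed. */
    if (ruid != 0 && (setuid(0) == 0 || seteuid(0) == 0))
        return -1;
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

int main(void)
{
    uid_t saved;

    if (priv_suspend(&saved) != 0) return 1;
    /* ... read user-controlled configuration files here ... */
    if (priv_resume(saved) != 0) return 1;
    /* ... bind the privileged (<1024) source port here ... */
    if (priv_drop_permanently() != 0) return 1;
    /* ... authentication and session run without extra privileges ... */
    printf("uid=%d euid=%d\n", (int)getuid(), (int)geteuid());
    return 0;
}
```

When the binary is not installed setuid, all three calls are no-ops that succeed, so the same code path runs with or without the setuid flag.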
