Date: Sat, 26 Feb 2000 15:55:37 -0800 (PST)
From: Kris Kennaway
To: sthaug@nethelp.no
Cc: jkh@zippy.cdrom.com, current@FreeBSD.ORG, markm@FreeBSD.ORG
Subject: Re: OpenSSH /etc patch
In-Reply-To: <68686.951563042@verdi.nethelp.no>

On Sat, 26 Feb 2000 sthaug@nethelp.no wrote:

> > If you want to tinker with the file permissions, can't you deal with the
> > fact that the startup scripts will create a host key for you the first
> > time you boot with it installed?
>
> As long as there is an easy way of running ssh without any special privs,
> I'm happy.

ssh 'seemed to work' when not setuid. I could log in using RSA
authentication as well as password-based, but didn't try much else.

From /usr/src/crypto/openssh/OVERVIEW:

  - The client is suid root. It tries to temporarily give up this
    rights while reading the configuration data. The root
    privileges are only used to make the connection (from a
    privileged socket). Any extra privileges are dropped before
    calling ssh_login.

This comment doesn't seem to be completely accurate given what I earlier
posted from the code (it's also used for RSA-rhosts authentication), but
for most purposes you can safely remove the setuid flag.

Kris

----
"How many roads must a man walk down, before you call him a man?"
"Eight!"
"That was a rhetorical question!"
"Oh..then, seven!" -- Homer Simpson
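The privilege sequence in the OVERVIEW excerpt (temporary drop while reading configuration, root only for the privileged socket, permanent drop before login), written out in C as an added example. It is not part of the original message and is not OpenSSH's code; the function names are illustrative, and it assumes a binary that is setuid only (group ids untouched).

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

static uid_t saved_euid;     /* euid at startup: 0 when installed setuid root */
static int temporarily_dropped;

/* Act as the invoking user, e.g. while reading configuration files. */
int temporarily_use_uid(void)
{
    saved_euid = geteuid();
    if (seteuid(getuid()) != 0)
        return -1;
    temporarily_dropped = 1;
    return 0;
}

/* Regain the startup euid, e.g. to bind a privileged source port. */
int restore_uid(void)
{
    if (temporarily_dropped && seteuid(saved_euid) != 0)
        return -1;
    temporarily_dropped = 0;
    return 0;
}

/* Become the invoking user for good; fail closed if root is still reachable. */
int permanently_set_uid(void)
{
    uid_t uid = getuid();

    /* setuid() clears the saved uid only when called with euid 0 on some
     * systems, so undo any temporary drop first. */
    if (restore_uid() != 0 || setuid(uid) != 0)
        return -1;
    if (geteuid() != uid)
        return -1;
    if (uid != 0 && (seteuid(0) == 0 || setuid(0) == 0))
        return -1;
    return 0;
}

int main(void)
{
    if (temporarily_use_uid() != 0) return 1;   /* read config here */
    if (restore_uid() != 0) return 1;           /* open privileged socket here */
    if (permanently_set_uid() != 0) return 1;   /* then proceed to login */
    printf("uid=%d euid=%d\n", (int)getuid(), (int)geteuid());
    return 0;
}
```

Run without the setuid bit, every step is a no-op that still succeeds, which matches the observation in the message that the client keeps working for ordinary logins.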