From owner-freebsd-stable Sun Mar 4 14:31:45 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from freesbee.wheel.dk (freesbee.wheel.dk [193.162.159.97]) by hub.freebsd.org (Postfix) with ESMTP id ACF9F37B71A for ; Sun, 4 Mar 2001 14:31:41 -0800 (PST) (envelope-from jesper@skriver.dk)
Received: by freesbee.wheel.dk (Postfix, from userid 1001) id 27B705D5C; Sun, 4 Mar 2001 23:31:40 +0100 (CET)
Date: Sun, 4 Mar 2001 23:31:40 +0100
From: Jesper Skriver
To: cjclark@alum.mit.edu
Cc: John Polstra , stable@FreeBSD.ORG
Subject: Re: Is RhostsRSAAuthentication broken?
Message-ID: <20010304233140.B95599@skriver.dk>
References: <20010303151646.N89396@rfx-216-196-73-168.users.reflex>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010303151646.N89396@rfx-216-196-73-168.users.reflex>; from cjclark@reflexnet.net on Sat, Mar 03, 2001 at 03:16:46PM -0800
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sat, Mar 03, 2001 at 03:16:46PM -0800, Crist J. Clark wrote:
> On Sat, Mar 03, 2001 at 01:38:07PM -0800, John Polstra wrote:
> > Is ssh's RhostsRSAAuthentication using the ~/.shosts file broken in
> > -stable? On the server, OpenSSH on a FreeBSD-stable machine from Jan
> > 30, /etc/ssh/sshd_config contains:
> >
> >     IgnoreRhosts no
> >     IgnoreUserKnownHosts no
> >     RhostsRSAAuthentication yes
> >
> > and the ~/.shosts file is set up correctly for the host+user that
> > wants to connect. Also, I have the client's public host key (RSA) in
> > both ~/.ssh/known_hosts and /etc/ssh/ssh_known_hosts on the server
> > machine.
> >
> > On the client side, ~/.ssh/config contains:
> >
> >     Host server.example.com
> >     RhostsRSAAuthentication yes
> >
> > When the client is OpenSSH on a FreeBSD-stable machine, "slogin -v
> > server.example.com" shows no attempt at all by the client to use
> > RhostsRSAAuthentication.
>
> Is /usr/bin/ssh setuid root on the client? It no longer is by
> default. Do it by hand or enable,
>
>     # To enable installing ssh(1) with the setuid bit turned on
>     ENABLE_SUID_SSH= true
>
> In your /etc/make.conf.

This also just bit me - perhaps a note in /usr/src/UPDATING ??

/Jesper

--
Jesper Skriver, jesper(at)skriver(dot)dk - CCIE #5456
Work: Network manager @ AS3292 (Tele Danmark DataNetworks)
Private: FreeBSD committer @ AS2109 (A much smaller network ;-)

One Unix to rule them all, One Resolver to find them,
One IP to bring them all and in the zone to bind them.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message