Date: Sun, 4 Mar 2001 23:31:40 +0100 From: Jesper Skriver <jesper@skriver.dk> To: cjclark@alum.mit.edu Cc: John Polstra <jdp@polstra.com>, stable@FreeBSD.ORG Subject: Re: Is RhostsRSAAuthentication broken? Message-ID: <20010304233140.B95599@skriver.dk> In-Reply-To: <20010303151646.N89396@rfx-216-196-73-168.users.reflex>; from cjclark@reflexnet.net on Sat, Mar 03, 2001 at 03:16:46PM -0800 References: <XFMail.010303133807.jdp@polstra.com> <20010303151646.N89396@rfx-216-196-73-168.users.reflex>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Mar 03, 2001 at 03:16:46PM -0800, Crist J. Clark wrote: > On Sat, Mar 03, 2001 at 01:38:07PM -0800, John Polstra wrote: > > Is ssh's RhostsRSAAuthentication using the ~/.shosts file broken in > > -stable? On the server, OpenSSH on a FreeBSD-stable machine from Jan > > 30, /etc/ssh/sshd_config contains: > > > > IgnoreRhosts no > > IgnoreUserKnownHosts no > > RhostsRSAAuthentication yes > > > > and the ~/.shosts file is set up correctly for the host+user that > > wants to connect. Also, I have the client's public host key (RSA) in > > both ~/.ssh/known_hosts and /etc/ssh/ssh_known_hosts on the server > > machine. > > > > On the client side, ~/.ssh/config contains: > > > > Host server.example.com > > RhostsRSAAuthentication yes > > > > When the client is OpenSSH on a FreeBSD-stable machine, "slogin -v > > server.example.com" shows no attempt at all by the client to use > > RhostsRSAAuthentication. > > Is /usr/bin/ssh setuid root on the client? It no longer is by > default. Do it by hand or enable, > > # To enable installing ssh(1) with the setuid bit turned on > ENABLE_SUID_SSH= true > > In your /etc/make.conf. This also just bit me - perhaps a note in /usr/src/UPDATING ?? /Jesper -- Jesper Skriver, jesper(at)skriver(dot)dk - CCIE #5456 Work: Network manager @ AS3292 (Tele Danmark DataNetworks) Private: FreeBSD committer @ AS2109 (A much smaller network ;-) One Unix to rule them all, One Resolver to find them, One IP to bring them all and in the zone to bind them. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010304233140.B95599>