Date:      Sun, 4 Mar 2001 23:31:40 +0100
From:      Jesper Skriver <jesper@skriver.dk>
To:        cjclark@alum.mit.edu
Cc:        John Polstra <jdp@polstra.com>, stable@FreeBSD.ORG
Subject:   Re: Is RhostsRSAAuthentication broken?
Message-ID:  <20010304233140.B95599@skriver.dk>
In-Reply-To: <20010303151646.N89396@rfx-216-196-73-168.users.reflex>; from cjclark@reflexnet.net on Sat, Mar 03, 2001 at 03:16:46PM -0800
References:  <XFMail.010303133807.jdp@polstra.com> <20010303151646.N89396@rfx-216-196-73-168.users.reflex>

On Sat, Mar 03, 2001 at 03:16:46PM -0800, Crist J. Clark wrote:
> On Sat, Mar 03, 2001 at 01:38:07PM -0800, John Polstra wrote:
> > Is ssh's RhostsRSAAuthentication using the ~/.shosts file broken in
> > -stable?  On the server, OpenSSH on a FreeBSD-stable machine from Jan
> > 30, /etc/ssh/sshd_config contains:
> > 
> >     IgnoreRhosts no
> >     IgnoreUserKnownHosts no
> >     RhostsRSAAuthentication yes
> > 
> > and the ~/.shosts file is set up correctly for the host+user that
> > wants to connect.  Also, I have the client's public host key (RSA) in
> > both ~/.ssh/known_hosts and /etc/ssh/ssh_known_hosts on the server
> > machine.
> > 
> > On the client side, ~/.ssh/config contains:
> > 
> >     Host server.example.com
> >         RhostsRSAAuthentication yes
> > 
> > When the client is OpenSSH on a FreeBSD-stable machine, "slogin -v
> > server.example.com" shows no attempt at all by the client to use
> > RhostsRSAAuthentication.
> 
> Is /usr/bin/ssh setuid root on the client? It no longer is by
> default. Do it by hand or enable,
> 
>   # To enable installing ssh(1) with the setuid bit turned on
>   ENABLE_SUID_SSH=       true
> 
> In your /etc/make.conf.

This also just bit me - perhaps a note in /usr/src/UPDATING ??

/Jesper

-- 
Jesper Skriver, jesper(at)skriver(dot)dk  -  CCIE #5456
Work:    Network manager   @ AS3292 (Tele Danmark DataNetworks)
Private: FreeBSD committer @ AS2109 (A much smaller network ;-)

One Unix to rule them all, One Resolver to find them,
One IP to bring them all and in the zone to bind them.
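
One way to check the prerequisites named in this thread (the setuid-root client binary and the three sshd_config settings quoted above), as an added example that is not part of the original messages. The function names are illustrative, and it assumes keywords are matched case-insensitively with the first occurrence taking effect.

```sh
#!/bin/sh
# Added example, not from the thread. Pass paths explicitly, e.g.
#   sh check.sh /usr/bin/ssh /etc/ssh/sshd_config

# Print the effective value of KEYWORD in an sshd_config-style FILE.
# Keywords are matched case-insensitively and the first occurrence wins;
# comment lines and blank lines are skipped.
cfg_value() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# Classify FILE as: missing | not-setuid | setuid-other | setuid-root
suid_state() {
    if [ ! -e "$1" ]; then echo missing
    elif [ ! -u "$1" ]; then echo not-setuid
    elif [ -n "$(find "$1" -prune -user 0 -print)" ]; then echo setuid-root
    else echo setuid-other
    fi
}

# Report every unmet prerequisite; return 0 only if all are met.
check_rhosts_rsa() {
    ssh_bin=$1 sshd_cfg=$2 rc=0
    state=$(suid_state "$ssh_bin")
    if [ "$state" != setuid-root ]; then
        echo "client: $ssh_bin is $state (thread: set ENABLE_SUID_SSH or chmod by hand)"
        rc=1
    fi
    for pair in IgnoreRhosts:no IgnoreUserKnownHosts:no RhostsRSAAuthentication:yes
    do
        key=${pair%%:*} want=${pair#*:}
        got=$(cfg_value "$sshd_cfg" "$key")
        if [ "$got" != "$want" ]; then
            echo "server: $key is '${got:-unset}', thread's config has '$want'"
            rc=1
        fi
    done
    return $rc
}

if [ $# -eq 2 ]; then check_rhosts_rsa "$1" "$2"; fi
```

Run the binary check on the client and the config check on the server; a `setuid-other` result means the bit is set but the file is not owned by uid 0.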
