From owner-freebsd-security  Wed Mar 13  5:51:59 2002
Delivered-To: freebsd-security@freebsd.org
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31])
	by hub.freebsd.org (Postfix) with ESMTP
	id 2FCA137B4FC; Wed, 13 Mar 2002 05:51:43 -0800 (PST)
Received: by flood.ping.uio.no (Postfix, from userid 2602)
	id 729DC5347; Wed, 13 Mar 2002 14:51:41 +0100 (CET)
X-URL: http://www.ofug.org/~des/
X-Disclaimer: The views expressed in this message do not necessarily
  coincide with those of any organisation or company with
  which I am or have been affiliated.
To: security@freebsd.org
Subject: sshd UseLogin option
From: Dag-Erling Smorgrav <des@ofug.org>
Date: 13 Mar 2002 14:51:40 +0100
Message-ID: <xzpg034a843.fsf@flood.ping.uio.no>
Lines: 9
User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/21.1
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Could someone please explain to me why we don't use sshd's UseLogin
option by default?  I know that there was a security hole related to
that option recently, but that's not a real reason - security holes
can show up anywhere - so is there anything that makes UseLogin a
particularly bad idea?

DES
-- 
Dag-Erling Smorgrav - des@ofug.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message