Date: Wed, 13 Mar 2002 10:28:31 -0600 From: "Matthew D. Fuller" <fullermd@over-yonder.net> To: Dag-Erling Smorgrav <des@ofug.org> Cc: security@freebsd.org Subject: Re: sshd UseLogin option Message-ID: <20020313102831.M57293@over-yonder.net> In-Reply-To: <xzpg034a843.fsf@flood.ping.uio.no>; from des@ofug.org on Wed, Mar 13, 2002 at 02:51:40PM %2B0100 References: <xzpg034a843.fsf@flood.ping.uio.no>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Mar 13, 2002 at 02:51:40PM +0100 I heard the voice of Dag-Erling Smorgrav, and lo! it spake thus: > Could someone please explain to me why we don't use sshd's UseLogin > option by default? I know that there was a security hole related to > that option recently, but that's not a real reason - security holes > can show up anywhere - so is there anything that makes UseLogin a > particularly bad idea? On a side note, it sure would be nifty if UseLogin actually used login(1), which it didn't last I checked. Noticed-by: /etc/login.access strangely not applying to ssh connections. -- Matthew Fuller (MF4839) | fullermd@over-yonder.net Unix Systems Administrator | fullermd@futuresouth.com Specializing in FreeBSD | http://www.over-yonder.net/ "The only reason I'm burning my candle at both ends, is because I haven't figured out how to light the middle yet" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020313102831.M57293>