From owner-freebsd-security Wed Mar 13 8:28:39 2002 Delivered-To: freebsd-security@freebsd.org Received: from draco.over-yonder.net (draco.over-yonder.net [198.78.58.61]) by hub.freebsd.org (Postfix) with ESMTP id A553B37B419 for ; Wed, 13 Mar 2002 08:28:31 -0800 (PST) Received: by draco.over-yonder.net (Postfix, from userid 100) id 3844EFC2; Wed, 13 Mar 2002 10:28:31 -0600 (CST) Date: Wed, 13 Mar 2002 10:28:31 -0600 From: "Matthew D. Fuller" To: Dag-Erling Smorgrav Cc: security@freebsd.org Subject: Re: sshd UseLogin option Message-ID: <20020313102831.M57293@over-yonder.net> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5-fullermd.1i In-Reply-To: ; from des@ofug.org on Wed, Mar 13, 2002 at 02:51:40PM +0100 X-Editor: vi X-OS: FreeBSD Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, Mar 13, 2002 at 02:51:40PM +0100 I heard the voice of Dag-Erling Smorgrav, and lo! it spake thus: > Could someone please explain to me why we don't use sshd's UseLogin > option by default? I know that there was a security hole related to > that option recently, but that's not a real reason - security holes > can show up anywhere - so is there anything that makes UseLogin a > particularly bad idea? On a side note, it sure would be nifty if UseLogin actually used login(1), which it didn't last I checked. Noticed-by: /etc/login.access strangely not applying to ssh connections. -- Matthew Fuller (MF4839) | fullermd@over-yonder.net Unix Systems Administrator | fullermd@futuresouth.com Specializing in FreeBSD | http://www.over-yonder.net/ "The only reason I'm burning my candle at both ends, is because I haven't figured out how to light the middle yet" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message