From owner-freebsd-security Wed Mar 13 23: 5:40 2002 Delivered-To: freebsd-security@freebsd.org Received: from rwcrmhc52.attbi.com (rwcrmhc52.attbi.com [216.148.227.88]) by hub.freebsd.org (Postfix) with ESMTP id D9E9E37B417 for ; Wed, 13 Mar 2002 23:05:37 -0800 (PST) Received: from blossom.cjclark.org ([12.234.91.48]) by rwcrmhc52.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020314070537.JCYU1147.rwcrmhc52.attbi.com@blossom.cjclark.org>; Thu, 14 Mar 2002 07:05:37 +0000 Received: (from cjc@localhost) by blossom.cjclark.org (8.11.6/8.11.6) id g2E75aL39503; Wed, 13 Mar 2002 23:05:36 -0800 (PST) (envelope-from cjc) Date: Wed, 13 Mar 2002 23:05:36 -0800 From: "Crist J. Clark" To: Dag-Erling Smorgrav Cc: security@FreeBSD.ORG Subject: Re: sshd UseLogin option Message-ID: <20020313230536.B29705@blossom.cjclark.org> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from des@ofug.org on Wed, Mar 13, 2002 at 02:51:40PM +0100 X-URL: http://people.freebsd.org/~cjc/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, Mar 13, 2002 at 02:51:40PM +0100, Dag-Erling Smorgrav wrote: > Could someone please explain to me why we don't use sshd's UseLogin > option by default? I know that there was a security hole related to > that option recently, but that's not a real reason - security holes > can show up anywhere - so is there anything that makes UseLogin a > particularly bad idea? Who uses system passwords with ssh(1)? -- Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message