Date: Sat, 2 Sep 2000 15:47:54 -0500 From: "Jacques A. Vidrine" <n@nectar.com> To: Dan Nelson <dnelson@emsphone.com> Cc: sthaug@nethelp.no, phk@critter.freebsd.dk, ume@FreeBSD.ORG, arch@FreeBSD.ORG Subject: Re: setuid ssh should die (Re: Request for review: nsswitch) Message-ID: <20000902154753.B1263@hamlet.nectar.com> In-Reply-To: <20000902151406.A7615@dan.emsphone.com>; from dnelson@emsphone.com on Sat, Sep 02, 2000 at 03:14:07PM -0500 References: <41582.967924374@critter> <62717.967924513@verdi.nethelp.no> <20000902145822.B28852@dan.emsphone.com> <20000902150221.A1263@hamlet.nectar.com> <20000902151406.A7615@dan.emsphone.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Sep 02, 2000 at 03:14:07PM -0500, Dan Nelson wrote: > (assume we're connecting from pc1 to pc2 ) > > Right; if ssh is not setuid, it doesn't have access to pc1's private > host key, so the sshd on pc2 cannot verify pc1's identity. That means > sshd can't use .shosts. See the ssh/sshd manpage, under > "RhostsRSAAuthentication". Sorry, I thought you were talking about something else. RhostsRSAAuthentication is, of course, off by default. -- Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000902154753.B1263>