From owner-freebsd-security Thu Mar 14 6:49:11 2002
Date: Thu, 14 Mar 2002 14:48:59 +0000
From: Rasputin
To: "Matthew D. Fuller"
Cc: security@freebsd.org
Subject: Re: sshd UseLogin option
Message-ID: <20020314144859.A13371@shikima.mine.nu>
Reply-To: Rasputin
References: <20020313102831.M57293@over-yonder.net>
In-Reply-To: <20020313102831.M57293@over-yonder.net>; from fullermd@over-yonder.net on Wed, Mar 13, 2002 at 10:28:31AM -0600
Sender: owner-freebsd-security@FreeBSD.ORG

* Matthew D. Fuller [020313 16:29]:
> On Wed, Mar 13, 2002 at 02:51:40PM +0100 I heard the voice of
> Dag-Erling Smorgrav, and lo! it spake thus:
> > Could someone please explain to me why we don't use sshd's UseLogin
> > option by default? I know that there was a security hole related to
> > that option recently, but that's not a real reason - security holes
> > can show up anywhere - so is there anything that makes UseLogin a
> > particularly bad idea?
>
> On a side note, it sure would be nifty if UseLogin actually used login(1),
> which it didn't last I checked. Noticed-by: /etc/login.access strangely
> not applying to ssh connections.

I think that's fixed now - I was able to bounce incoming ssh session using
login.access last month, anyway.

--
"You can bring any calculator you like to the midterm, as long as it
doesn't dim the lights when you turn it on."
        -- Hepler, Systems Design 182

Rasputin :: Jack of All Trades - Master of Nuns ::