From: sthaug@nethelp.no
To: netadmin@fastnet.co.uk
Cc: security@FreeBSD.ORG
Subject: Re: Ssh vsprintf (was the lame whoose-language is better war)
Date: Tue, 21 Jul 1998 13:52:52 +0200
Message-ID: <14723.901021972@verdi.nethelp.no>

> | AFAIR it is _client_ that needs root to initiate connection from a
> | privileged port. Mandatory for .rhosts authentication.
>
> Yeh you're right..

But most of the time when you use SSH you don't *need* .rhosts type
"authentication" - because you're using RSA authentication or password
over an encrypted channel. If you don't need .rhosts "authentication",
it's a good idea to turn off setuid root for the ssh client.

Steinar Haug, Nethelp consulting, sthaug@nethelp.no
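
The advice in the message above, as an added example that is not part of the original post: a small POSIX sh helper that reports whether an ssh client binary is setuid and, when asked, clears the bit with `chmod u-s`. The function names and state words are invented for this example, and the binary path is supplied by the caller rather than assumed.

```shell
#!/bin/sh
# Added example: report and optionally clear the setuid bit on an ssh client.
# The binary path is supplied by the caller; no default location is assumed.

# Numeric uid of the file's owner (0 is root); -L follows a symlinked binary.
owner_uid() {
    ls -lnL "$1" | awk '{ print $3; exit }'
}

# Print one state word: missing, not-setuid, setuid, or cleared.
# With "fix" as the second argument, remove the setuid bit (chmod u-s).
audit_ssh_setuid() {
    bin=$1
    action=${2:-report}
    if [ ! -f "$bin" ]; then echo missing; return 1; fi
    if [ ! -u "$bin" ]; then echo not-setuid; return 0; fi
    if [ "$action" = fix ]; then
        chmod u-s "$bin" || return 1
        # Re-check instead of trusting chmod's exit status alone.
        if [ -u "$bin" ]; then echo setuid; return 1; fi
        echo cleared
        return 0
    fi
    echo setuid
}

# Usage: sh audit.sh /path/to/ssh [fix]
if [ $# -gt 0 ]; then
    state=$(audit_ssh_setuid "$@") || true
    echo "$1: $state (owner uid $(owner_uid "$1" 2>/dev/null))"
fi
```

Once the bit is cleared, the client can no longer connect from a privileged port, so .rhosts authentication stops working, as the quoted text explains.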