Date: Wed, 15 Aug 2001 16:21:32 +0000
From: Olafur Osvaldsson
To: freebsd-hackers@freebsd.org
Subject: ssh and setuid
Message-ID: <20010815162132.J70497@isnic.is>

Hi,

I'm using 4.3-STABLE since Jul 18.

I have been trying to figure out why I was unable to use
RhostsRSAAuthentication between my servers even when it was enabled in
sshd_config.

After looking at sshd.c I noticed the following at line 1061:

    if (remote_port >= IPPORT_RESERVED || remote_port < IPPORT_RESERVED / 2) {
        options.rhosts_authentication = 0;
        options.rhosts_rsa_authentication = 0;
    }

As the ssh in FreeBSD is by default not setuid it uses a higher than
privileged port for connecting so obviously that is the reason for my
troubles.

Wouldn't it be better to only disable rhosts_authentication instead of
disabling both when the port is not privileged or at least have this as an
option in make.conf for those that want this option without setting the
setuid bit on ssh?

Please excuse me if this is not the correct media for this question.

Oli

--
Olafur Osvaldsson
Systems Administrator
Internet Iceland inc.
Tel: +354 525-5291
Email: oli@isnic.is
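The chain described in the message above, as an added example that is not part of the original post or of sshd.c: a client tries to bind a source port in 512..1023, and the server-side test quoted from sshd.c is applied to whatever port it ends up with. The function names, the loopback bind and the fallback port 49152 are assumptions made for illustration.

```c
/* Added example, not code from sshd.c: only the port test and the two option
 * fields come from the message; all other names are hypothetical. */
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>
struct auth_options { int rhosts_authentication, rhosts_rsa_authentication; };

/* Server side: the quoted test, applied to a copy of the configured options. */
struct auth_options apply_port_policy(struct auth_options o, int remote_port) {
    if (remote_port >= IPPORT_RESERVED || remote_port < IPPORT_RESERVED / 2) {
        o.rhosts_authentication = 0;
        o.rhosts_rsa_authentication = 0;
    }
    return o;
}

/* Client side: walk 1023..512 on loopback looking for a free source port.
 * Returns the port bound, or -1 with errno set (EACCES when unprivileged). */
int bind_reserved_port(int fd) {
    struct sockaddr_in sin = { .sin_family = AF_INET };
    sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    for (int port = IPPORT_RESERVED - 1; port >= IPPORT_RESERVED / 2; port--) {
        sin.sin_port = htons((unsigned short)port);
        if (bind(fd, (struct sockaddr *)&sin, sizeof(sin)) == 0)
            return port;
        if (errno != EADDRINUSE)
            return -1;               /* any other error ends the search */
    }
    return -1;
}

int main(void) {
    struct auth_options cfg = { 1, 1 };  /* both enabled in sshd_config */
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    int port = bind_reserved_port(fd);
    if (port < 0) {                      /* the non-setuid client case */
        perror("reserved-port bind");
        port = 49152;                    /* constructed unprivileged port */
    }
    struct auth_options eff = apply_port_policy(cfg, port);
    printf("source port %d: rhosts=%d rhosts_rsa=%d\n", port,
           eff.rhosts_authentication, eff.rhosts_rsa_authentication);
    close(fd);
    return 0;
}
```

Run as an ordinary user, the bind normally fails and both options come out as 0 regardless of the configuration; run with the privilege to bind reserved ports, both stay enabled.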