Subject: Re: sshd UseLogin option
From: John-David Childs
To: Dag-Erling Smorgrav
Cc: security@FreeBSD.ORG
Date: 15 Mar 2002 19:18:19 -0700

Keeping UseLogin off allows for more controlled environments, e.g.
environments where users might not have a shell account...but still
require a valid shell for sftp and scp.

Also, for those who care...

From session.c

    if (options.use_login) {
        packet_send_debug("X11 forwarding disabled; "
            "not compatible with UseLogin=yes.");
        return 0;
    }

On Wed, 2002-03-13 at 06:51, Dag-Erling Smorgrav wrote:
> Could someone please explain to me why we don't use sshd's UseLogin
> option by default? I know that there was a security hole related to
> that option recently, but that's not a real reason - security holes
> can show up anywhere - so is there anything that makes UseLogin a
> particularly bad idea?
>
> DES
> --
> Dag-Erling Smorgrav - des@ofug.org
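
An added example, not part of the original message or of OpenSSH: a shell check that reads the global section of an sshd_config and reports when UseLogin is enabled together with X11Forwarding, the combination the session.c excerpt above refuses. The function name check_uselogin, its output words and the sample config are constructed for illustration; an unset keyword is assumed to mean "no".

```shell
#!/bin/sh
# Added example: flag sshd_config files where UseLogin cancels X11 forwarding.
# Prints "conflict", "uselogin" or "ok" for the global (pre-Match) section.
check_uselogin() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
        { sub(/[ \t]*=[ \t]*/, " ") }              # accept "Keyword=value" too
        # Keywords are case-insensitive; values are compared leniently.
        { key = tolower($1); val = tolower($2) }
        key == "match" { exit }                    # global section ends here
        # sshd uses the first value it reads for each keyword.
        key == "uselogin"      && u == "" { u = val }
        key == "x11forwarding" && x == "" { x = val }
        END {
            # Assumption: an unset keyword means "no" (upstream OpenSSH
            # default); check the defaults your platform ships.
            if (u != "yes")      print "ok"
            else if (x == "yes") print "conflict"   # X11 will be refused
            else                 print "uselogin"
        }
    ' "$1"
}

# Constructed sample config (not from the original message).
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'X11Forwarding yes' 'uselogin=yes' \
    'UseLogin no' 'Match User sftponly' '    X11Forwarding no' > "$sample"
check_uselogin "$sample"    # prints: conflict
rm -f "$sample"
```

A "conflict" result means users who expect X11 forwarding will instead get the debug message quoted above, so one of the two settings should be turned off deliberately.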