Date: Wed, 25 Apr 2001 03:20:03 -0700 (PDT) From: Peter Pentchev <roam@orbitel.bg> To: freebsd-bugs@FreeBSD.org Subject: Re: bin/26832: ssh cannot login without password when using ~/.shosts Message-ID: <200104251020.f3PAK3936146@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/26832; it has been noted by GNATS. From: Peter Pentchev <roam@orbitel.bg> To: Masachika ISHIZUKA <ishizuka@ish.org> Cc: FreeBSD-gnats-submit@freebsd.org Subject: Re: bin/26832: ssh cannot login without password when using ~/.shosts Date: Wed, 25 Apr 2001 13:14:34 +0300 On Wed, Apr 25, 2001 at 06:29:53PM +0900, Masachika ISHIZUKA wrote: > > On Wed, Apr 25, 2001 at 03:05:54PM +0900, Masachika ISHIZUKA wrote: > > > >>>Number: 26832 > >>>Category: bin > >>>Synopsis: ssh cannot login without password when using ~/.shosts > >>>Originator: Masachika ISHIZUKA > >>>Fix: > >> chmod u+s /usr/bin/ssh > > > > Mmmm.. I would rather think the correct fix is putting: > > ENABLE_SETUID_SSH=true > > > > in your /etc/make.conf, as documented in /etc/defaults/make.conf. > > Dear, Peter-san. > Thank you for reply. > It can be fixed to add "ENABLE_SETUID_SSH=true" in /etc/make.conf > and "cd /usr/src/secure/lib/libssh && make && cd ../../usr.bin/ssh > && make && make install", but do all users to use .shosts install > ssh source code, and why is the suid bit of ssh removed from 4.2R to > 4.3R ? Any security reasons ? Yes, for existing installations, the SSH client binary has to be chmod'd by hand. And yes, there were security reasons for removing the setuid bit on the SSH client - there was at least one known vulnerability, which could be used for subverting the SSH client, and there is no guarantee that more such vulnerabilities won't creep up in the future. Since it is quite rare that people are using rhosts/shosts based authentication, the majority of FreeBSD installations do not need a setuid SSH client. For those that do, there is the 'chmod by hand' workaround for an existing installation, and the /etc/make.conf knob for rebuilding. I apologize for my somewhat summary and not quite thought-out reply; the case of new installations which are not rebuilt totally slipped my mind. As a side point, rhosts/shosts-based authentication could be replaced with something else which does not require a setuid client - e.g. with public-key authentication (it is quite trivial to generate a public key with an empty password). This could have other issues - the keys should be placed on all machines, the secret portion of the key should be placed on all machines from which you need to log in (this could mean placing secret keys on NFS-exported homedirs.. ugh).. but in some cases, public-key based authentication is a better solution. G'luck, Peter -- This sentence claims to be an Epimenides paradox, but it is lying. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200104251020.f3PAK3936146>