Date:      Wed, 25 Apr 2001 19:10:06 -0700 (PDT)
From:      Masachika ISHIZUKA <ishizuka@ish.org>
To:        freebsd-bugs@FreeBSD.org
Subject:   Re: bin/26832: ssh cannot login without password when using ~/.shosts
Message-ID:  <200104260210.f3Q2A6e09999@freefall.freebsd.org>

The following reply was made to PR bin/26832; it has been noted by GNATS.

From: Masachika ISHIZUKA <ishizuka@ish.org>
To: roam@orbitel.bg
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: bin/26832: ssh cannot login without password when using ~/.shosts
Date: Thu, 26 Apr 2001 11:09:19 +0900

 >>>>>Number:         26832
 >>>>>Category:       bin
 >>>>>Synopsis:       ssh cannot login without password when using ~/.shosts
 >>>>>Originator:     Masachika ISHIZUKA
 >>>>>Fix:
 >>>> 	chmod u+s /usr/bin/ssh
 >> 
 >>   It can be fixed by adding "ENABLE_SETUID_SSH=true" to /etc/make.conf
 >> and running "cd /usr/src/secure/lib/libssh && make && cd ../../usr.bin/ssh
 >> && make && make install", but must all users who use .shosts install
 >> the ssh source code, and why was the suid bit of ssh removed from 4.2R to
 >> 4.3R ?  Any security reasons ?
 > 
 > Yes, for existing installations, the SSH client binary has to be chmod'd
 > by hand.  And yes, there were security reasons for removing the setuid
 > bit on the SSH client - there was at least one known vulnerability, which
 > could be used for subverting the SSH client, and there is no guarantee
 > that more such vulnerabilities won't creep up in the future.  Since it is
 > quite rare that people are using rhosts/shosts based authentication,
 > the majority of FreeBSD installations do not need a setuid SSH client.
 > For those that do, there is the 'chmod by hand' workaround for an existing
 > installation, and the /etc/make.conf knob for rebuilding.
 > 
 > I apologize for my somewhat summary and not quite thought-out reply;
 > the case of new installations which are not rebuilt totally slipped my mind.
 > 
 > As a side point, rhosts/shosts-based authentication could be replaced
 > with something else which does not require a setuid client - e.g. with
 > public-key authentication (it is quite trivial to generate a public key
 > with an empty password).  This could have other issues - the keys should
 > be placed on all machines, the secret portion of the key should be placed
 > on all machines from which you need to log in (this could mean placing
 > secret keys on NFS-exported homedirs.. ugh).. but in some cases, public-key
 > based authentication is a better solution.
 
   Dear Peter-san,
 
   Thank you very much for your mail.
   I understood, and I agree with you that public-key based
 authentication is better.  We manage more than 200 machines,
 and it is too hard to replace the authentication method soon.
   We will try to introduce public-key based authentication.
 -- 
 ishizuka@ish.org
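The thread above turns on one operational question: which users on a host still depend on ~/.shosts or ~/.rhosts (and therefore on a setuid ssh client), and whether that binary currently carries the setuid bit. The following audit script is an added example written for this page; it is not code from the PR, from the FreeBSD tree, or from either correspondent. It assumes nothing about the real system: the ssh path and the home-directory root are parameters, and the sandbox it builds (two constructed home directories and a stand-in ssh binary) exists only so the check can be run and verified offline.

```sh
#!/bin/sh
# Added example: audit host-based (.shosts/.rhosts) auth dependencies and the
# setuid state of the ssh client. Not part of the original thread or of FreeBSD.

# list_shosts_users HOMEROOT
# Prints "<user> <file>" for every home directory under HOMEROOT that holds a
# .shosts or .rhosts file, i.e. every account that would need a setuid client.
list_shosts_users() {
    for d in "$1"/*; do
        [ -d "$d" ] || continue
        for f in .shosts .rhosts; do
            if [ -f "$d/$f" ]; then
                printf '%s %s\n' "$(basename "$d")" "$f"
            fi
        done
    done
}

# audit_shosts SSHBIN HOMEROOT
# Prints one of:
#   ok                 nobody relies on host-based auth, no setuid client needed
#   affected:<users>   users rely on it but SSHBIN is not setuid (logins break,
#                      as reported in the PR)
#   setuid:<users>     users rely on it and SSHBIN is setuid (the setuid-client
#                      risk the reply describes is still present on this host)
# Return codes 0/1/2 mirror the three cases so the check can drive a cron job.
audit_shosts() {
    users=$(list_shosts_users "$2" | awk '{print $1}' | sort -u \
            | tr '\n' ',' | sed 's/,$//')
    if [ -z "$users" ]; then
        echo ok
        return 0
    fi
    if [ -u "$1" ]; then
        echo "setuid:$users"
        return 2
    fi
    echo "affected:$users"
    return 1
}

# make_sandbox
# Builds a constructed tree: alice has a .shosts file, bob has none, and a
# stand-in ssh script that is NOT setuid (the post-4.3R default). Prints the root.
make_sandbox() {
    root=$(mktemp -d)
    mkdir -p "$root/home/alice" "$root/home/bob" "$root/usr/bin"
    printf 'trusted.example.org alice\n' > "$root/home/alice/.shosts"   # constructed
    printf '#!/bin/sh\nexit 0\n' > "$root/usr/bin/ssh"                   # stand-in binary
    chmod 0755 "$root/usr/bin/ssh"
    echo "$root"
}

# demo
# Runs the audit against the sandbox before and after the "chmod u+s" workaround
# quoted in the PR, so both findings are visible.
demo() {
    root=$(make_sandbox)
    printf 'default (no setuid): %s\n' "$(audit_shosts "$root/usr/bin/ssh" "$root/home")"
    chmod u+s "$root/usr/bin/ssh"
    printf 'after chmod u+s:     %s\n' "$(audit_shosts "$root/usr/bin/ssh" "$root/home")"
    rm -rf "$root"
}

demo
```

Run it as-is to see the sandbox results, or call `audit_shosts /usr/bin/ssh /home` on a real host to get the list of accounts that must be migrated to public-key authentication before the setuid bit can stay off. The "setuid:" case is the one worth alerting on, since it means the workaround from the PR has been applied and the client-side risk discussed in the reply still exists.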
