From owner-freebsd-doc Wed May 23 9:42: 3 2001 Delivered-To: freebsd-doc@freebsd.org Received: from simpurio.idealab.com (mx2.idealab.com [64.208.8.4]) by hub.freebsd.org (Postfix) with SMTP id 0967537B42C for ; Wed, 23 May 2001 09:41:59 -0700 (PDT) (envelope-from jim@compete.com) Received: (qmail 4153 invoked by alias); 23 May 2001 16:41:58 -0000 Received: (qmail 4068 invoked from network); 23 May 2001 16:41:57 -0000 Received: from unknown (HELO cartman.boston.geekhouse.net) (10.5.1.189) by simpurio.idealab.com with SMTP; 23 May 2001 16:41:57 -0000 Received: by cartman.boston.geekhouse.net (Postfix, from userid 1000) id 7F32F322F; Wed, 23 May 2001 12:41:18 -0400 (EDT) Date: Wed, 23 May 2001 12:41:18 -0400 From: Jim Mock To: David Miller Cc: Jordan Hubbard , jolly@gibbon.kungfumonkey.com, doc@FreeBSD.ORG Subject: Re: 4.3R and ssh problems Message-ID: <20010523124117.A8265@cartman.bos.geekhouse.net> Reply-To: jim@compete.com Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="SUOF0GtieIMvvwua" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.3.18i Sender: owner-freebsd-doc@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --SUOF0GtieIMvvwua Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Wed, 23 May 2001 at 10:37:10 -0400, David Miller wrote: > On Wed, 23 May 2001, Jim Mock wrote: > > On Wed, 23 May 2001 at 08:40:32 -0400, Jim Mock wrote: > > > On Tue, 22 May 2001 at 23:45:08 -0700, Jordan Hubbard wrote: > > > > We probably need to add this to the FAQ, actually. Any doc'ers > > > > willing to write something up and commit it? > > > > > > I'll see what I can do later today/tonight. It shouldn't take > > > very long, so hopefully I'll have something committed this > > > afternoon. > > > > Ok, I just started working on this, however, I'm not sure whether it > > should go under System Administration or Miscellaneous Questions. > > I'm leaning more towards the Miscellaneous Questions section, but > > I'd like some comments before I commit it. > > I think I'd lean more toward the sysadmin side for a couple of > reasons. First, it's probably a sysadmin whos setting things up for > passwordless authentication. It's a sysadmin who'll have to fix it. > Lastly, if the user is clueful enough to be trying it on her own, she > should be clueful enough to find it on the sysadmin side:) Ok, here's a patch to add it under the system administration topic. If nobody has any complaints, I'd like to commit this tonight. - jim -- - jim mock www.compete.com - jim@FreeBSD.org - - senior systems administrator - Compete, Inc. - ph: 1.617.867.7035 - --SUOF0GtieIMvvwua Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="faq.diff" Index: book.sgml =================================================================== RCS file: /home/ncvs/doc/en_US.ISO_8859-1/books/faq/book.sgml,v retrieving revision 1.204 diff -u -r1.204 book.sgml --- book.sgml 2001/05/22 17:33:26 1.204 +++ book.sgml 2001/05/23 16:36:00 @@ -7290,6 +7290,38 @@ securelevel and the &man.init.8; manual page. + + + + Why doesn't SSH authentication through + .shosts work by default in recent + versions of FreeBSD? + + + + The reason why .shosts + authentication does not work by default in more recent + versions of FreeBSD is because ssh + is not installed suid root by default. To + fix this, you can do one of the + following: + + + + As a permanent fix, set + ENABLE_SUID_SSH to true + in /etc/make.conf. + + + + As a temporary fix, chnage the mode on + /usr/bin/ssh to 4555 + by running chmod 4755 /usr/bin/ssh as + root. + + + + --SUOF0GtieIMvvwua-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-doc" in the body of the message