Date:      26 Feb 2000 14:17:59 +0100
From:      Bjoern Groenvall <bg@sics.se>
To:        Kris Kennaway <kris@FreeBSD.ORG>
Cc:        "Jordan K. Hubbard" <jkh@zippy.cdrom.com>, current@FreeBSD.ORG, markm@FreeBSD.ORG
Subject:   Re: OpenSSH /etc patch
Message-ID:  <wu4saw6r20.fsf@bg.sics.se>
In-Reply-To: Kris Kennaway's message of Sat, 26 Feb 2000 02:44:09 -0800 (PST)
References:  <Pine.BSF.4.21.0002260243170.79658-100000@freefall.freebsd.org>

Kris Kennaway <kris@FreeBSD.ORG> writes:

> On Sat, 26 Feb 2000, Jordan K. Hubbard wrote:
> 
> > > +# Generate SSH host key, if it doesnt exist. Both sshd and ssh need it
> > > +# so we do it unconditionally on sshd_enable.
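Review bot: the second comment line, "so we do it unconditionally on sshd_enable", can be read either as "whenever sshd_enable is set" or as "regardless of sshd_enable"; state which one the code does, for example "so we do it regardless of sshd_enable". The first line also needs "doesn't" for "doesnt", and its claim that ssh needs the key is stronger than the ssh.c excerpt quoted further down in this message supports: there the key is loaded only "in case we will need it later", and host_private_key_loaded is set to 1 only when the load succeeds.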
> > 
> > Are you sure ssh requires a host key?  I could have sworn this was
> > entirely related to sshd and could thus be lumped into the same
> > "if sshd_enable=YES" clause.
> 
> The code does not lie :-)
> 
> From ssh.c:
> 
>         /*
>          * If we successfully made the connection, load the host private key
>          * in case we will need it later for combined rsa-rhosts
>          * authentication. This must be done before releasing extra
>          * privileges, because the file is only readable by root.
>          */
>         if (ok) {
>                 host_private_key = RSA_new();
>                 if (load_private_key(HOST_KEY_FILE, "", host_private_key, NULL))
>                         host_private_key_loaded = 1;
>         }

Right, the code does not lie (if ssh is setuid root). But, if the host
key has not yet been created, then no host can have the public key and
thus rsa-rhosts authentication won't work anyways. It is not required
to run ssh-keygen to make ssh work. Sshd still requires the host key
to operate.

/Björn

-- 
  _     _                                               ,_______________.  
Bjorn Gronvall (Björn Grönvall)                        /_______________/|     
Swedish Institute of Computer Science                  |               ||
PO Box 1263, S-164 29 Kista, Sweden                    | Schroedingers ||
Email: bg@sics.se, Phone +46 -8 633 15 25              |      Cat      |/
Cellular +46 -70 768 06 35, Fax +46 -8 751 72 30       `---------------' 

