Date: Tue, 21 Jul 1998 17:03:32 GMT From: ark@eltex.ru To: sthaug@nethelp.no Cc: netadmin@fastnet.co.uk, security@FreeBSD.ORG Subject: Re: Ssh vsprintf (was the lame whoose-language is better war) Message-ID: <199807211703.RAA16737@paranoid.eltex.spb.ru> In-Reply-To: <14723.901021972@verdi.nethelp.no> from "sthaug@nethelp.no"
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE-----
nuqneH,
sthaug@nethelp.no said :
> > | AFAIR it is _client_ that needs root to initiate connection from a
> > | privileged port. Mandatory for .rhosts authentication.
> >
> > Yeh your right..
>
> But most of the time when you use SSH you don't *need* .rhosts type
> "authentication" - because you're using RSA authentication or password
> over an encrypted channel.
>
> If you don't need .rhosts "authentication", it's a good idea to turn
> off setuid root for the ssh client.
afair RSArhosts needs privileged port as well..
_ _ _ _ _ _ _
{::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_
(##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_|
[||] [||] [||] Do i believe in Bible? Hell,man,i've seen one!
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
iQCVAwUBNbTJ4qH/mIJW9LeBAQH9sgP5ASi2tYY0Qbp2GUxl3MMLE1/MgBIjti0d
/ypgW0eVAbp0K5Nr0ZAVdZKzP4QNxq9IIxBDJDoa1YRd3hvdfEUUyZuyl4JWdNcE
aE2xuyJR63O0SPFWFLaqRzcs7ZSy9qcPz9qsf+fzUMLwaNjUpRS1avOC5sOjdt3F
1Vv5OM5iOOg=
=cF4h
-----END PGP SIGNATURE-----
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199807211703.RAA16737>