Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 2 Sep 2000 22:50:38 +0200
From:      Neil Blakey-Milner <nbm@mithrandr.moria.org>
To:        "Jacques A. Vidrine" <n@nectar.com>
Cc:        Dan Nelson <dnelson@emsphone.com>, sthaug@nethelp.no, phk@critter.freebsd.dk, ume@FreeBSD.ORG, arch@FreeBSD.ORG
Subject:   Re: setuid ssh should die (Re: Request for review: nsswitch)
Message-ID:  <20000902225038.A40067@mithrandr.moria.org>
In-Reply-To: <20000902154753.B1263@hamlet.nectar.com>; from n@nectar.com on Sat, Sep 02, 2000 at 03:47:54PM -0500
References:  <41582.967924374@critter> <62717.967924513@verdi.nethelp.no> <20000902145822.B28852@dan.emsphone.com> <20000902150221.A1263@hamlet.nectar.com> <20000902151406.A7615@dan.emsphone.com> <20000902154753.B1263@hamlet.nectar.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On Sat 2000-09-02 (15:47), Jacques A. Vidrine wrote:
> On Sat, Sep 02, 2000 at 03:14:07PM -0500, Dan Nelson wrote:
> > (assume we're connecting from pc1 to pc2 )
> > 
> > Right; if ssh is not setuid, it doesn't have access to pc1's private
> > host key, so the sshd on pc2 cannot verify pc1's identity.  That means
> > sshd can't use .shosts.  See the ssh/sshd manpage, under
> > "RhostsRSAAuthentication".
> 
> Sorry, I thought you were talking about something else.
> 
> RhostsRSAAuthentication is, of course, off by default.

On the server side, yes.

Neil
-- 
Neil Blakey-Milner
Sunesi Clinical Systems
nbm@mithrandr.moria.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000902225038.A40067>