Date: Wed, 23 May 2001 13:00:41 -0400 (EDT)
From: David Miller
To: Jano Lukac
Cc: freebsd-stable@freebsd.org
Subject: Re: 4.3R and ssh problems
In-Reply-To: <20010522211931.86681.qmail@web14501.mail.yahoo.com>

On Tue, 22 May 2001, Jano Lukac wrote:

>
> --- David Miller wrote:
>
> > chmod 4555 /usr/bin/ssh let it work too, so now I'm OK. Hopefully anyone
> > else who runs into the problem will search the stable archive, but I
> > always worry when defaults change.
>
> Wouldn't it be better to simply use the public/private keying system
> (sshkeygen), and setup the keys without a password?

I tested that and may well do it.

The issue was that something which used to work, and is documented in the manpage as working, does not, in fact, work. This changed behavior will break existing scripts of people using .shosts and scp to copy web logs, for example.

The auth log used to give a warning about what was going on, but now just says it's invoking PAM with nary a clue about why passwords are now required to be typed in.

The man page should be changed too, to either mention the problem or to remove the references to authentication by .shosts files.
--- David