Date:      Wed, 23 May 2001 12:41:18 -0400
From:      Jim Mock <jim@compete.com>
To:        David Miller <dmiller@sparks.net>
Cc:        Jordan Hubbard <jkh@osd.bsdi.com>, jolly@gibbon.kungfumonkey.com, doc@FreeBSD.ORG
Subject:   Re: 4.3R and ssh problems
Message-ID:  <20010523124117.A8265@cartman.bos.geekhouse.net>
In-Reply-To: <Pine.BSF.4.21.0105231034050.50961-100000@search.sparks.net>


--SUOF0GtieIMvvwua
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Wed, 23 May 2001 at 10:37:10 -0400, David Miller wrote:
> On Wed, 23 May 2001, Jim Mock wrote:
> > On Wed, 23 May 2001 at 08:40:32 -0400, Jim Mock wrote:
> > > On Tue, 22 May 2001 at 23:45:08 -0700, Jordan Hubbard wrote:
> > > > We probably need to add this to the FAQ, actually.  Any doc'ers
> > > > willing to write something up and commit it?
> > > 
> > > I'll see what I can do later today/tonight.  It shouldn't take
> > > very long, so hopefully I'll have something committed this
> > > afternoon.
> > 
> > Ok, I just started working on this, however, I'm not sure whether it
> > should go under System Administration or Miscellaneous Questions.
> > I'm leaning more towards the Miscellaneous Questions section, but
> > I'd like some comments before I commit it.
> 
> I think I'd lean more toward the sysadmin side for a couple of
> reasons.  First, it's probably a sysadmin who's setting things up for
> passwordless authentication.  It's a sysadmin who'll have to fix it.
> Lastly, if the user is clueful enough to be trying it on her own, she
> should be clueful enough to find it on the sysadmin side:)

Ok, here's a patch to add it under the system administration topic.  If
nobody has any complaints, I'd like to commit this tonight.

- jim

-- 
- jim mock <jim@compete.com>      www.compete.com - jim@FreeBSD.org -
- senior systems administrator - Compete, Inc. - ph: 1.617.867.7035 -

--SUOF0GtieIMvvwua
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="faq.diff"

Index: book.sgml
===================================================================
RCS file: /home/ncvs/doc/en_US.ISO_8859-1/books/faq/book.sgml,v
retrieving revision 1.204
diff -u -r1.204 book.sgml
--- book.sgml	2001/05/22 17:33:26	1.204
+++ book.sgml	2001/05/23 16:36:00
@@ -7290,6 +7290,38 @@
             securelevel</link> and the &man.init.8; manual page.</para>
         </answer>
       </qandaentry>
+
+      <qandaentry>
+        <question id="ssh-shosts">
+	  <para>Why doesn't SSH authentication through
+	    <filename>.shosts</filename> work by default in recent
+	    versions of FreeBSD?</para>
+	</question>
+
+	<answer>
+	  <para>The reason why <filename>.shosts</filename>
+	    authentication does not work by default in more recent
+	    versions of FreeBSD is because <application>ssh</application>
+	    is not installed suid root by default.  To
+	    <quote>fix</quote> this, you can do one of the
+	    following:</para>
+
+	  <itemizedlist>
+	    <listitem>
+	      <para>As a permanent fix, set
+		<makevar>ENABLE_SUID_SSH</makevar> to <literal>true</literal>
+		in <filename>/etc/make.conf</filename>.</para>
+	    </listitem>
+
+	    <listitem>
+	      <para>As a temporary fix, chnage the mode on
+		<filename>/usr/bin/ssh</filename> to <literal>4555</literal>
+		by running <command>chmod 4755 /usr/bin/ssh</command> as
+		<username>root</username>.</para>
+	    </listitem>
+	  </itemizedlist>
+	</answer>
+      </qandaentry>
     </qandaset>
   </chapter>
 

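Review bot: The second listitem gives two different modes: the text says to change the mode to <literal>4555</literal>, but the command shown is `chmod 4755 /usr/bin/ssh`. Pick one value and use it in both places, and fix the typo "chnage" in the same sentence. Both fixes make ssh setuid root, yet the answer only hints at that cost by putting "fix" in quotes. Add a sentence saying why the binary is no longer installed suid root by default, so an administrator can decide whether .shosts authentication is worth it. The first item should also say that setting ENABLE_SUID_SSH in /etc/make.conf only takes effect the next time ssh is rebuilt and installed. Otherwise a reader may set it and find .shosts still failing. Minor wording: "The reason why ... is because" can be shortened to ".shosts authentication does not work by default ... because ssh is not installed suid root".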
--SUOF0GtieIMvvwua--
