Date:      Sat, 2 Sep 2000 15:14:07 -0500
From:      Dan Nelson <dnelson@emsphone.com>
To:        "Jacques A. Vidrine" <n@nectar.com>
Cc:        sthaug@nethelp.no, phk@critter.freebsd.dk, ume@FreeBSD.ORG, arch@FreeBSD.ORG
Subject:   Re: setuid ssh should die (Re: Request for review: nsswitch)
Message-ID:  <20000902151406.A7615@dan.emsphone.com>
In-Reply-To: <20000902150221.A1263@hamlet.nectar.com>; from "Jacques A. Vidrine" on Sat Sep  2 15:02:21 GMT 2000
References:  <41582.967924374@critter> <62717.967924513@verdi.nethelp.no> <20000902145822.B28852@dan.emsphone.com> <20000902150221.A1263@hamlet.nectar.com>

In the last episode (Sep 02), Jacques A. Vidrine said:
> On Sat, Sep 02, 2000 at 02:58:22PM -0500, Dan Nelson wrote:
> > Rather, it's so it can read the host key, which is only readable by
> > root.
> 
> We're talking about ssh, not sshd.

(assume we're connecting from pc1 to pc2)

Right; if ssh is not setuid, it doesn't have access to pc1's private
host key, so the sshd on pc2 cannot verify pc1's identity.  That means
sshd can't use .shosts.  See the ssh/sshd manpage, under
"RhostsRSAAuthentication".

-- 
	Dan Nelson
	dnelson@emsphone.com

