On Sat, 26 Feb 2000 [EMAIL PROTECTED] wrote:

> > If you want to tinker with the file permissions, can't you deal with the
> > fact that the startup scripts will create a host key for you the first
> > time you boot with it installed?
> 
> As long as there is an easy way of running ssh without any special privs,
> I'm happy.

ssh 'seemed to work' when not setuid. I could log in using RSA
authentication as well as password-based, but didn't try much else.

From /usr/src/crypto/openssh/OVERVIEW:

    - The client is suid root.  It tries to temporarily give up this
      rights while reading the configuration data.  The root
      privileges are only used to make the connection (from a
      privileged socket).  Any extra privileges are dropped before
      calling ssh_login.

This comment doesn't seem to be completely accurate given what I earlier
posted from the code (it's also used for RSA-rhosts authentication), but
for most purposes you can safely remove the setuid flag.

Kris

----
"How many roads must a man walk down, before you call him a man?"
"Eight!"
"That was a rhetorical question!"
"Oh..then, seven!" -- Homer Simpson

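The privilege sequence described in the quoted OVERVIEW text (suspend root while reading configuration, regain it for the privileged socket, then drop it for good before login), as an added example that is not part of the original post and is not OpenSSH code. The function names are hypothetical, and the 1023 down to 512 port range is an assumption taken from the usual reserved-port convention.

```c
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <string.h>
#include <unistd.h>

static uid_t saved_euid;   /* effective uid at startup (root when installed setuid) */

/* Run as the invoking user, e.g. while reading user-controlled config files. */
int priv_suspend(void) { saved_euid = geteuid(); return seteuid(getuid()); }

/* Regain the startup effective uid; possible because the saved set-user-ID is kept. */
int priv_resume(void) { return seteuid(saved_euid); }

/* Try to bind a TCP socket to a reserved port (<1024), which normally needs root.
   Returns the fd, or -1 when unprivileged or no port could be bound. */
int bind_reserved_socket(void) {
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    for (int port = 1023; port >= 512; port--) {
        sa.sin_port = htons((unsigned short)port);
        if (bind(fd, (struct sockaddr *)&sa, sizeof sa) == 0) return fd;
    }
    close(fd);
    return -1;
}

/* Give up all extra privileges for good and verify they cannot come back. */
int priv_drop_permanently(void) {
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid(), old_egid = getegid();
    if (setgid(rgid) != 0 || setuid(ruid) != 0) return -1;  /* gid first, then uid */
    if (old_egid != rgid && setegid(old_egid) == 0) return -1;  /* regained: fail */
    if (old_euid != ruid && seteuid(old_euid) == 0) return -1;  /* regained: fail */
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

int main(void) {
    if (priv_suspend() != 0) return 1;     /* configuration would be read here */
    if (priv_resume() != 0) return 1;
    int fd = bind_reserved_socket();       /* -1 when the binary is not setuid root */
    if (priv_drop_permanently() != 0) return 1;
    if (fd >= 0) close(fd);
    return 0;                              /* login code would run from this point */
}
```

Without the setuid bit every call here is a no-op except the bind, which fails and leaves the caller on an ordinary unprivileged port.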

