On Sat, 26 Feb 2000 [EMAIL PROTECTED] wrote:
> > If you want to tinker with the file permissions, can't you deal with the
> > fact that the startup scripts will create a host key for you the first
> > time you boot with it installed?
>
> As long as there is an easy way of running ssh without any special privs,
> I'm happy.
ssh 'seemed to work' when not setuid. I could log in using RSA
authentication as well as password-based, but didnt try much else.
>From /usr/src/crypto/openssh/OVERVIEW:
- The client is suid root. It tries to temporarily give up this
rights while reading the configuration data. The root
privileges are only used to make the connection (from a
privileged socket). Any extra privileges are dropped before
calling ssh_login.
This comment doesn't seem to be completely accurate given what I earlier
posted from the code (it's also used for RSA-rhosts authentication), but
for most purposes you can safely remove the setuid flag.
Kris
----
"How many roads must a man walk down, before you call him a man?"
"Eight!"
"That was a rhetorical question!"
"Oh..then, seven!" -- Homer Simpson
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message