Wed, Aug 15, 2001 at 16:21:32, oli (Olafur Osvaldsson) wrote about "ssh and setuid":
[...]
> As the ssh in FreeBSD is by default not setuid it uses a higher than privileged
> port for connecting so obviously that is the reason for my troubles.
>
> Wouldn't it be better to only disable rhosts_authentication instead of disabling
> both when the port is not privileged or atleast have this as an option in
> make.conf for those that want this option without setting the setuid bit on ssh?
RhostsRSAAuthentication needs private key of client host. Private key should
be readable only for root, i.e. non-setuid ssh cannot read it.
Hence, I can try to determine logic of disabling RhostsRSAAuthentication
when connect was from non-privileged port: it quickly disables faked host
key checking without semi-expensive RSA/DSA computations.
But, there is another problem here: can client host create more than 512
outgoing ssh connections? In such case port range 512...1023 will be
exhausted, and RhostsRSAAuthentication will fail insuspectively.
/netch
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
