OpenSSH's client drops all privileges before the user is asked for a
password, so there is really no need to panic and send ads to this list
-- especially since this thread not at all related to SSH-1. However,
if you are afraid of SSH-1 you can simply turn off protocol 1 support
in OpenSSH
Nobody else yet has confirmed this:
--
From: "Jeffrey W. Baker" [EMAIL PROTECTED]
Curious. It doesn't do that here on Slackware-current (Linux 2.4.1, glibc
2.2.1, gcc 2.95.2):
jwb@manchurian-candidate:~$ ssh jwb@heat
jwb@heat's password:
Permission
hi,
When Michal Zalewski found bug in ssh, most people tried to reinstall
their ssh. They usualy install openssh 2.3.0 or higher, or ssh2.com
Well, it could not be the best fix using openssh client 2.3.0p1 (i dont
check other ver.).
I've compile it from sources, so look at it:
* Tomasz Kuniar wrote:
Ssh client is suid, so it could be real problem. Must check source...
SUID is only needed when using rhosts or rshost-rsa authentication.
Many installations don't need it. Just set this option [taken from man ssh]:
UsePrivilegedPort
Specifies