On Wed, 2002-02-06 at 12:10, Vincent Danen wrote:
> On Wed Feb 06, 2002 at 01:23:22AM -0600, Bryan Paxton wrote:
>
> No, true enough... Markus always comes at me when there are issues
> with our openssh. =) But Markus I like talking to... Theo.. depends
> on his mood. =)
>
> > Specifically..... From the OpenSSH FAQ (http://www.openssh.com/faq.html):
> > <SNIP>
> > 2.1 - Why does ssh/scp make connections from low-numbered ports.
> >
> > The OpenSSH client uses low numbered ports for rhosts and rhosts-rsa
> > authentication because the server needs to trust the username provided
> > by the client. To get around this, you can add the below example to
> > your ssh_config or ~/.ssh/config file.
> >
> > UsePrivilegedPort no
> >
> > Or you can specify this option on the command line, using the -o
> > option to ssh(1) command.
> >
> > $ ssh -o "UsePrivilegedPort no" host.com
> >
> > 2.2 - Why is the ssh client setuid root?
> >
> > In conjunction with the previous question, (2.1) OpenSSH needs root
> > authority to be able to bind to low-numbered ports to facilitate rhosts
> > authentication. A privileged port is also required for rhosts-rsa
> > authentication to older SSH releases.
> >
> > Additionally, for both rhosts-rsa authentication (in protocol version 1)
> > and hostbased authentication (in protocol version 2) the ssh client
> > needs to access the private host key in order to authenticate the
> > client machine to the server. So the setuid root bit is needed for
> > these authentication methods, too.
> >
> > You can safely remove the setuid bit from the ssh executable if you
> > don't want to use these authentication methods.
> >
> > </SNIP>
>
> Right, but you see that it is needed for protocol2 hostbased auth. I
> think this is an important feature. I could care less about rhost
> compatibility, but I like the idea of hostbased auth to more minimize
> spoofing.

This is true, and logical... I could still argue over it, but I digress
since it is a good point : )

> > So, I vote for ummmmmm.... screw Theo : )
>
> Well, I always vote for that, but unfortunately, he knows who I am so
> he comes at me all the time... hehehe
>

*snicker* : p

> > But it doesn't look like that's happening... rtools is all I'm truly
> > concerned about... Patch gets in, I'll be a happy camper : )
>
> Yes... rtools is a concern. Down with rsh! =)

"Know all your enemies, we know who our enemies are" : )

Sincerely
The zealot : P

--
Bryan Paxton
Public PGP key: http://www.deadhorse.net/bpaxton.gpg

"Winning gives birth to hostility. Losing, one lies down in pain. The
calmed lie down with ease, having set winning & losing aside." Dhp. 201
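The FAQ rule quoted in this message (the setuid bit on ssh can be dropped unless rhosts, rhosts-rsa or hostbased authentication is wanted) can be checked against a client config. This is an added example, not part of the original mail or of OpenSSH. It assumes the ssh_config keywords of that era (RhostsAuthentication, RhostsRSAAuthentication, HostbasedAuthentication), ignores Host block scoping so that a "yes" anywhere counts, and uses constructed sample files.

```shell
#!/bin/sh
# Added example: does this ssh_config still need a setuid-root ssh client?

# Print every option set to "yes" that the quoted FAQ ties to setuid root.
# Conservative assumption: Host scoping is ignored, any "yes" counts.
methods_needing_setuid() {
    awk '
        /^[ \t]*#/ { next }                   # comment line
        /^[ \t]*$/ { next }                   # blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)          # drop indentation
            sub(/[ \t]*=[ \t]*/, " ", line)   # "Key=value" is valid too
            split(line, f, /[ \t]+/)
            key = tolower(f[1]); val = tolower(f[2])
            if (val == "yes" && (key == "rhostsauthentication" ||
                                 key == "rhostsrsaauthentication" ||
                                 key == "hostbasedauthentication"))
                print f[1]
        }' "$1"
}

# Return 0 if the config never asks for a method that needs setuid root,
# 1 (and name the methods) if it does.
setuid_removable() {
    needed=$(methods_needing_setuid "$1")
    if [ -n "$needed" ]; then
        echo "$1: keep setuid bit, enabled: $(echo $needed)"
        return 1
    fi
    echo "$1: no method here needs the setuid bit"
    return 0
}

# Constructed sample configs (not taken from any real host).
demo=$(mktemp -d)
printf '%s\n' 'Host *' '  UsePrivilegedPort no' \
    '  HostbasedAuthentication yes' > "$demo/hostbased"
printf '%s\n' '# RhostsAuthentication yes' 'Host *' \
    '  UsePrivilegedPort no' '  RhostsRSAAuthentication = no' > "$demo/plain"

for cfg in "$demo/hostbased" "$demo/plain"; do
    setuid_removable "$cfg" || true
done

# Show whether the locally installed client actually carries the bit.
ssh_bin=$(command -v ssh || true)
if [ -n "$ssh_bin" ] && [ -u "$ssh_bin" ]; then
    echo "$ssh_bin is setuid"
fi
```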
