On Wed, Oct 18, 2006 at 09:25:28AM +0200, Oliver Fromme wrote:
> That name exists for historical reasons.  Some time ago it
> was ssh(1) itself which got the suid bit in order to be
> able to read the private host key (which is readable by
> root only).  Access to that key is required for host-based
> authentication (disabled by default).  Hence the variable
> named ENABLE_SSH_SUID.

There is another reason for wanting this. If you still use the ssh1
RSARhosts authentication mechanism, then it needs ssh to be suid
root because using a privileged port is part of the authentication
mechanism (combined with signing using the host key). This has been
more or less replaced by the ssh-keysign stuff, but I guess some
people may still be depending on it.

        David.
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable