On Wed 21 Feb 01, 11:28 AM, Mark K. Kim said: 
> Dear LUGODers,
> 
> The EEC department has removed all implementation of ssh1 (we still have
> ssh2) due to security reasons.  But since many sites I log onto use only
> ssh1, I still would like to use ssh1 (it's either that or telnet, and ssh1
> is better than nothing.)

they removed ssh1 because of security reasons but left telnet on?

> Since half of EEC department's computers are Linux, I just grabbed a
> binary copy of ssh1 from my home system and copied it into my
> directory.  It works like a charm.
 
if you have any influence over the administrators, twist their arm to use
openssh instead of ssh.    openssh supports both ssh1 and ssh2.  it's
available as an rpm, dpkg and source.  it couldn't be easier to install,
and would boost the security of their system.  something every admin
strives for.  :)

> Something I noticed, however, is that ssh1 is setuid (-rws--x--x) root.  I
> obviously can't setuid root on EEC systems, but the binary works fine
> anyway.  So what is the reason for this setuid on my home system?  Can I
> turn it off?
 
my ssh (openssh here) is not suid root.  i was just able to strace it as
non-root.

here is the message you get when you configure ssh using debian.  to be
perfectly honest with you, i don't understand all the issues.  but perhaps
you will.  it might be relevant to why ssh1 is suid root:

        If you make ssh SUID, you will be able to use Rhosts/RhostsRSA
        authentication, but will not be able to use socks via the LD_PRELOAD
        trick.  This is the traditional approach.

        If you do not make ssh SUID, you will be able to use socks, but
        Rhosts/RhostsRSA authentication will stop working, which may stop you
        logging in to remote systems.  It will also mean that the source port
        will be above 1024, which may confound firewall rules you've set up.
         
        If in doubt, I suggest you install it without SUID.  If it causes
        problems you can change your mind later by running:   dpkg-reconfigure

> PS: I use the original ssh, not openssh... (it was installed a long time
> ago, before I knew about openssh, and now I'm too lazy to remove it and
> put openssh on it.)
 
ahem.  :)

pete
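
Added example, not part of the original message or of any ssh package: a Python check that reports which ssh client binaries on a system are setuid and root-owned, the condition the Debian note above ties to Rhosts/RhostsRSA authentication and a source port below 1024. The client names searched for (`ssh`, `ssh1`, `ssh2`) are an assumption about how the binaries are installed.

```python
import os
import stat

# Client names to look for; the ssh1/ssh2 file names are an assumption about
# how the binaries are installed on a given system.
CLIENT_NAMES = ("ssh", "ssh1", "ssh2")


def classify(st_mode, st_uid):
    """Describe one binary from its raw st_mode and owner uid."""
    setuid = bool(st_mode & stat.S_ISUID)
    return {
        "mode": stat.filemode(st_mode),      # e.g. '-rws--x--x'
        "setuid": setuid,
        "owner_uid": st_uid,
        # Only setuid *and* root-owned gives the client root at start-up,
        # which is what lets it bind a source port below 1024.
        "suid_root": setuid and st_uid == 0,
    }


def audit(dirs=None, names=CLIENT_NAMES):
    """Return (path, classification) for every client found in dirs."""
    if dirs is None:
        dirs = os.environ.get("PATH", "").split(os.pathsep)
    found = []
    for d in dirs:
        for name in names:
            path = os.path.join(d, name)
            try:
                st = os.stat(path)   # follows symlinks to the real binary
            except OSError:
                continue
            if stat.S_ISREG(st.st_mode):
                found.append((path, classify(st.st_mode, st.st_uid)))
    return found


if __name__ == "__main__":
    for path, info in audit():
        verdict = "SUID root" if info["suid_root"] else "not SUID root"
        print(f"{info['mode']} uid={info['owner_uid']:<5} {path}: {verdict}")
```

A binary copied into a home directory shows up as not SUID root: even if its setuid bit were set, it would be owned by the user rather than by root.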
