diff options
author | Ben Lindstrom <mouring@eviladmin.org> | 2002-06-11 15:53:05 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2002-06-11 15:53:05 +0000 |
commit | 2bf82763935991dd151eac3bc378eebbbaea3fdc (patch) | |
tree | 49f19281fba794b1d5ab23893da8f92dccd74f5f | |
parent | 1775c9c97af0559f7b6df766ce79d66a1e883379 (diff) | |
download | openssh-git-2bf82763935991dd151eac3bc378eebbbaea3fdc.tar.gz |
- stevesk@cvs.openbsd.org 2002/06/10 17:45:20
[readconf.c ssh.1]
change RhostsRSAAuthentication and RhostsAuthentication default to no
since ssh is no longer setuid root by default; ok markus@
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | readconf.c | 6 | ||||
-rw-r--r-- | ssh.1 | 9 |
3 files changed, 11 insertions, 10 deletions
@@ -17,6 +17,10 @@ [ssh-add.1 ssh-add.c] use convtime() to parse and validate key lifetime. can now use '-t 2h' etc. ok markus@ provos@ + - stevesk@cvs.openbsd.org 2002/06/10 17:45:20 + [readconf.c ssh.1] + change RhostsRSAAuthentication and RhostsAuthentication default to no + since ssh is no longer setuid root by default; ok markus@ 20020609 - (bal) OpenBSD CVS Sync @@ -882,4 +886,4 @@ - (stevesk) entropy.c: typo in debug message - (djm) ssh-keygen -i needs seeded RNG; report from markus@ -$Id: ChangeLog,v 1.2204 2002/06/11 15:51:54 mouring Exp $ +$Id: ChangeLog,v 1.2205 2002/06/11 15:53:05 mouring Exp $ @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readconf.c,v 1.98 2002/06/08 12:46:14 markus Exp $"); +RCSID("$OpenBSD: readconf.c,v 1.99 2002/06/10 17:45:20 stevesk Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -816,7 +816,7 @@ fill_default_options(Options * options) if (options->use_privileged_port == -1) options->use_privileged_port = 0; if (options->rhosts_authentication == -1) - options->rhosts_authentication = 1; + options->rhosts_authentication = 0; if (options->rsa_authentication == -1) options->rsa_authentication = 1; if (options->pubkey_authentication == -1) @@ -840,7 +840,7 @@ fill_default_options(Options * options) if (options->kbd_interactive_authentication == -1) options->kbd_interactive_authentication = 1; if (options->rhosts_rsa_authentication == -1) - options->rhosts_rsa_authentication = 1; + options->rhosts_rsa_authentication = 0; if (options->hostbased_authentication == -1) options->hostbased_authentication = 0; if (options->batch_mode == -1) @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.155 2002/06/09 22:15:15 stevesk Exp $ +.\" $OpenBSD: ssh.1,v 1.156 2002/06/10 17:45:20 stevesk Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -1083,9 +1083,6 @@ Specifies whether to try rhosts based authentication. Note that this declaration only affects the client side and has no effect whatsoever on security. -Disabling rhosts authentication may reduce -authentication time on slow connections when rhosts authentication is -not used. Most servers do not permit RhostsAuthentication because it is not secure (see .Cm RhostsRSAAuthentication ) . @@ -1094,7 +1091,7 @@ The argument to this keyword must be or .Dq no . The default is -.Dq yes . +.Dq no . This option applies to protocol version 1 only. .It Cm RhostsRSAAuthentication Specifies whether to try rhosts based authentication with RSA host @@ -1104,7 +1101,7 @@ The argument must be or .Dq no . The default is -.Dq yes . +.Dq no . This option applies to protocol version 1 only and requires .Nm to be setuid root. |