authorBen Lindstrom <mouring@eviladmin.org>2002-06-11 15:45:02 +0000
committerBen Lindstrom <mouring@eviladmin.org>2002-06-11 15:45:02 +0000
commit5cac423871b406a474149c5a0c3b1085ef1fd0f4 (patch)
tree281f1df169a858a56e6ddae3951ad0d624e83494
parent494709decba82070ac7094d09a93685d5f038fee (diff)
downloadopenssh-git-5cac423871b406a474149c5a0c3b1085ef1fd0f4.tar.gz
- stevesk@cvs.openbsd.org 2002/06/09 22:15:15
[ssh.1] update for no setuid root and ssh-keysign; ok deraadt@
-rw-r--r--ChangeLog6
-rw-r--r--ssh.125
2 files changed, 26 insertions, 5 deletions
diff --git a/ChangeLog b/ChangeLog
index fdfc0f0d..34a863b1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
20020611
- (bal) ssh-agent.c RCSD fix (|unexpand already done)
+ - (bal) OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2002/06/09 22:15:15
+ [ssh.1]
+ update for no setuid root and ssh-keysign; ok deraadt@
20020609
- (bal) OpenBSD CVS Sync
@@ -865,4 +869,4 @@
- (stevesk) entropy.c: typo in debug message
- (djm) ssh-keygen -i needs seeded RNG; report from markus@
-$Id: ChangeLog,v 1.2199 2002/06/11 15:42:53 mouring Exp $
+$Id: ChangeLog,v 1.2200 2002/06/11 15:45:02 mouring Exp $
diff --git a/ssh.1 b/ssh.1
index ada58e1e..49b50c39 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.154 2002/06/08 05:17:01 markus Exp $
+.\" $OpenBSD: ssh.1,v 1.155 2002/06/09 22:15:15 stevesk Exp $
.Dd September 25, 1999
.Dt SSH 1
.Os
@@ -1105,7 +1105,9 @@ or
.Dq no .
The default is
.Dq yes .
-This option applies to protocol version 1 only.
+This option applies to protocol version 1 only and requires
+.Nm
+to be setuid root.
.It Cm RSAAuthentication
Specifies whether to try RSA authentication.
The argument to this keyword must be
@@ -1376,9 +1378,23 @@ and are used for
.Cm RhostsRSAAuthentication
and
.Cm HostbasedAuthentication .
-Since they are readable only by root
+If the protocol version 1
+.Cm RhostsRSAAuthentication
+method is used,
+.Nm
+must be setuid root, since the host key is readable only by root.
+For protocol version 2,
+.Nm
+uses
+.Xr ssh-keysign 8
+to access the host keys for
+.Cm HostbasedAuthentication .
+This eliminates the requirement that
+.Nm
+be setuid root when that authentication method is used.
+By default
.Nm
-must be setuid root if these authentication methods are desired.
+is not setuid root.
.It Pa $HOME/.rhosts
This file is used in
.Pa \&.rhosts
@@ -1483,6 +1499,7 @@ protocol versions 1.5 and 2.0.
.Xr ssh-agent 1 ,
.Xr ssh-keygen 1 ,
.Xr telnet 1 ,
+.Xr ssh-keysign 8,
.Xr sshd 8
.Rs
.%A T. Ylonen