change in rhosts-rsa behavior

Markus Friedl Markus.Friedl at informatik.uni-erlangen.de
Tue Apr 24 23:40:13 EST 2001


On Tue, Apr 24, 2001 at 09:13:46AM -0400, Michael Stone wrote:
> Can anyone remind me of the reason for breaking the rhosts-rsa protcol
> (by not using a privilaged port by default)?

it's a requirement from the obsolete rlogin protocol.

it does not provide additional security.

it is not required for protocol version 2.

privileged ports require setuid root and cause problems.

openssh's sshd does not require this.

you can always force the client to allocate privileged ports.



More information about the openssh-unix-dev mailing list