Portable OpenSSH 2.5.1p1
Markus Friedl
markus.friedl at informatik.uni-erlangen.de
Tue Feb 20 08:56:36 EST 2001
On Mon, Feb 19, 2001 at 10:29:42PM +0100, Gert Doering wrote:
> Without checking for privileged ports, you're effectively making
> RhostsRsaAuthentication completely useless, as every user can disguise as
> every other user, and should then better drop it completely.
no. only root can read the hostkey file, so the client
is trusted because it knows the hostkey.
no need for privileged ports nonsense.
hostbased auth in ssh2 will not have the priv-ports
requirement.
-m
More information about the openssh-unix-dev
mailing list