Portable OpenSSH 2.5.1p1

Gert Doering gert at greenie.muc.de
Tue Feb 20 19:26:32 EST 2001


Hi,

On Mon, Feb 19, 2001 at 10:56:36PM +0100, Markus Friedl wrote:
> On Mon, Feb 19, 2001 at 10:29:42PM +0100, Gert Doering wrote:
> > Without checking for privileged ports, you're effectively making
> > RhostsRsaAuthentication completely useless, as every user can disguise as
> > every other user, and should then better drop it completely.
> 
> no. only root can read the hostkey file, so the client
> is trusted because it knows the hostkey.

OK, thanks for clarifying this (I hope the client checks that the host
key has the correct file modes?).

Maybe that should have gone into the announcement... without, it led to
wrong assumptions.

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert.doering at physik.tu-muenchen.de




