RSARhosts / Hostbased auth and euid=0 requirement
Carson Gaspar
carson at taltos.org
Wed May 9 09:03:16 EST 2001
--On Tuesday, May 08, 2001 11:43 PM +0200 Markus Friedl
<markus.friedl at informatik.uni-erlangen.de> wrote:
>
> On Fri, May 04, 2001 at 02:18:10AM -0700, Carson Gaspar wrote:
>> - Allow ssh to read alternate key files.
>
> i'm not sure about this one.
> you want to force ssh to read arbitrary key files
> and produce valid signatures with random files.
I can do this already, if I compile my own ssh client. On the other hand,
my random client won't be set*id anything. So perhaps this isn't a good
idea. It's not necessary, anyway.
>> - Allow said key files to be group readable
>
> we've been discussing a setgid ssh earlier, but
> decided that it's not the way to go.
>
> however, i think about moving the client side of
> hostbased authentication out of ssh, to a setuid binary
> /usr/libexec/ssh-keysign
> and remove the sbit from ssh.
> ssh-keysign will read the hostkeys and generate a valid
> signature.
Great. Is this going to be implemented anytime soon? If so, I withdraw my
suggestion. If not, please let's get a stop-gap solution in place quickly.
--
Carson Gaspar - carson at taltos.org
Queen trapped in a butch body