RSARhosts / Hostbased auth and euid=0 requirement
Markus Friedl
markus.friedl at informatik.uni-erlangen.de
Sat May 12 07:38:01 EST 2001
On Tue, May 08, 2001 at 04:03:16PM -0700, Carson Gaspar wrote:
> > we've been discussion a setgid ssh earlier, but
> > decided that it's not the way to go.
> >
> > however, i think about moving the client side of
> > hostbased authentication out of ssh, to a setuid binary
> > /usr/libexec/ssh-keysign
> > and remove the sbit from ssh.
> > ssh-keysign will read the hostkeys and generate a valid
> > signature.
>
> Great. Is this going to be implemented anytime soon? If so, I withdraw my
> suggestion. If not, please lets get a stop-gap solution in place quickly.
hm, i've been working on this some weeks ago but got distracted.
perhaps i can start again, soon.
right now i'm not sure about the protocol between
ssh
and
ssh-keysign.
btw, ssh.com has a keysigner for this job.
More information about the openssh-unix-dev
mailing list