RSARhosts / Hostbased auth and euid=0 requirement

Markus Friedl markus.friedl at informatik.uni-erlangen.de
Sat May 12 07:38:01 EST 2001


On Tue, May 08, 2001 at 04:03:16PM -0700, Carson Gaspar wrote:
> > we've been discussing a setgid ssh earlier, but
> > decided that it's not the way to go.
> >
> > however, i think about moving the client side of
> > hostbased authentication out of ssh, to a setuid binary
> > 	/usr/libexec/ssh-keysign
> > and remove the sbit from ssh.
> > ssh-keysign will read the hostkeys and generate a valid
> > signature.
> 
> Great. Is this going to be implemented anytime soon? If so, I withdraw my 
> suggestion. If not, please let's get a stop-gap solution in place quickly.

hm, i've been working on this some weeks ago but got distracted.
perhaps i can start again, soon.

right now i'm not sure about the protocol between
	ssh
and
	ssh-keysign.

btw, ssh.com has a keysigner for this job.



More information about the openssh-unix-dev mailing list