RhostsAuthentication?

[Gert Doering]

Hi,

On Thu, Nov 15, 2001 at 12:22:42PM +0100, Markus Friedl wrote:
> On Thu, Nov 15, 2001 at 12:18:35PM +0100, Gert Doering wrote:
> > is anybody out there still using RhostsAuthentication?  Can we please
> > remove it?
> 
> i don't think we can remove the code, perhaps just printing a big
> WARNING to stderr/syslog if it's enabled or used.

This would be a Good Thing.  Stderr and syslog, please.  

And please change the wording in sshd_config, maybe something like this:

old:

# rhosts authentication should not be used
RhostsAuthentication no

new:

# This is the old-style authenticate-by-IP only, no-crypto .rhosts thing.  
# You should not use this if you do not really know what you're doing.
# For normal .rhosts usage, look at RhostsRSAAuthentication (protocol 1)
# or HostBasedAuthentication (protocol 2).
RhostsAuthentication no

- maybe that will help.

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert.doering at physik.tu-muenchen.de