RhostsAuthentication?
Corinna Vinschen
vinschen at redhat.com
Thu Nov 15 23:08:05 EST 2001
On Thu, Nov 15, 2001 at 12:29:11PM +0100, Gert Doering wrote:
> Hi,
>
> On Thu, Nov 15, 2001 at 12:22:42PM +0100, Markus Friedl wrote:
> > On Thu, Nov 15, 2001 at 12:18:35PM +0100, Gert Doering wrote:
> > > is anybody out there still using RhostsAuthentication? Can we please
> > > remove it?
> >
> > i don't think we can remove the code, perhaps just printing a big
> > WARNING to stderr/syslog if it's enabled or used.
>
> This would be a Good Thing. Stderr and syslog, please.
>
> And please change the wording in sshd_config, maybe something like this:
>
> old:
>
> # rhosts authentication should not be used
> RhostsAuthentication no
>
> new:
>
> # This is the old-style authenticate-by-IP only, no-crypto .rhosts thing.
> # You should not use this if you do not really know what you're doing.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
I'm pretty sure that will not work. _Of course_ they know what they
are doing! How dare you to doubt just for a moment!
;-)
Corinna
--
Corinna Vinschen
Cygwin Developer
Red Hat, Inc.
mailto:vinschen at redhat.com
More information about the openssh-unix-dev
mailing list