--{enable/disable}-suid-ssh removed, rhosts auth gone when UID != 0
Markus Friedl
markus at openbsd.org
Wed Jul 3 23:03:34 EST 2002
On Wed, Jul 03, 2002 at 02:54:36PM +0200, Robert Dahlem wrote:
> Ok, "chmod u+s ssh scp" does help as first aid.
please don't add an s-bit to scp, as it allows everyone on
your system to overwrite all files.
> My question is: Is SUID on ssh/scp considered dangerous? Are there other
> reasons one should avoid this?
1) rhosts authentication should be avoided
2) only rhosts-rsa authentication needs an sbit.
   a privileged port is just needed for older sshd
   servers
3) hostbased authentication in protocol 2 does not
   need an sbit on ssh, they use ssh-keysign instead.
-m
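
The check below is an added example, not part of the original message or of OpenSSH: it reports a setuid scp as a failure and a setuid ssh as a warning, following the three points above. The function names `check_one` and `audit_suid` are hypothetical, and the directories to inspect are supplied by the caller.

```shell
#!/bin/sh
# Added example: flag s-bits on OpenSSH client binaries.

# check_one FILE LEVEL REASON: print a finding if FILE is a regular file
# with the setuid bit set. Returns 0 if a finding was printed, 1 otherwise.
check_one() {
    if [ -f "$1" ] && [ -u "$1" ]; then
        printf '%s: %s is setuid: %s\n' "$2" "$1" "$3"
        return 0
    fi
    return 1
}

# audit_suid DIR...: inspect scp and ssh in each directory.
# Returns 1 if any FAIL finding (setuid scp) was seen, else 0.
audit_suid() {
    rc=0
    for dir in "$@"; do
        # scp never needs the bit; with it, any user can overwrite files.
        if check_one "$dir/scp" FAIL "remove it with chmod u-s"; then
            rc=1
        fi
        # ssh needs it only for rhosts-rsa authentication.
        check_one "$dir/ssh" WARN \
            "only rhosts-rsa authentication needs this" || true
    done
    return "$rc"
}

# Run the audit when directories are given on the command line.
if [ "$#" -gt 0 ]; then
    audit_suid "$@"
fi
```
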