apparent ssh_config fascism
Ben Lindstrom
mouring at etoh.eviladmin.org
Sat Nov 16 06:03:42 EST 2002
Because man 'ssh-keysign' says:
[..] Since they
are readable only by root, ssh-keysign must be set-uid root if
hostbased authentication is used.
So it does the user no good to enabled it if ssh-keysign is not setuid.
So yes. There is a reason for it.
- Ben
On Fri, 15 Nov 2002, Phillip Brown wrote:
>
> It appears that /etc/ssh/ssh_config enforces policy on local users in
> addition to its documented role as provider of defaults.
>
> $ ssh -V
> OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
>
> $ cat .ssh/config
> Host localhost
> HostbasedAuthentication yes
> PreferredAuthentications hostbased
>
> $ ssh localhost
> Hostbased authentication not enabled in /etc/ssh/ssh_config
> ssh_keysign: no reply
> key_sign failed
> Permission denied (publickey,password,keyboard-interactive,hostbased).
>
> The situation is rectified by enabling Hostbased authentication in
> /etc/ssh/ssh_config (as the error message suggests), but this must be
> done by the systems administrator. Why is the setting in .ssh/config not
> sufficient? Is this behaviour a bug or a feature?
>
> BTW these experiences are with the RPM for Red Hat 7.3
>
> _______________________________________________
> openssh-unix-dev at mindrot.org mailing list
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>
More information about the openssh-unix-dev
mailing list