apparent ssh_config fascism

Ben Lindstrom mouring at etoh.eviladmin.org
Sat Nov 16 06:03:42 EST 2002


Because man 'ssh-keysign' says:

             [..] Since they
             are readable only by root, ssh-keysign must be set-uid root if
             hostbased authentication is used.

So it does the user no good to enable it if ssh-keysign is not setuid.

So yes.  There is a reason for it.

- Ben

On Fri, 15 Nov 2002, Phillip Brown wrote:

>
> It appears that /etc/ssh/ssh_config enforces policy on local users in
> addition to its documented role as provider of defaults.
>
> $ ssh -V
> OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
>
> $ cat .ssh/config
> Host localhost
>    HostbasedAuthentication yes
>    PreferredAuthentications hostbased
>
> $ ssh localhost
> Hostbased authentication not enabled in /etc/ssh/ssh_config
> ssh_keysign: no reply
> key_sign failed
> Permission denied (publickey,password,keyboard-interactive,hostbased).
>
> The situation is rectified by enabling Hostbased authentication in
> /etc/ssh/ssh_config (as the error message suggests), but this must be
> done by the systems administrator.  Why is the setting in .ssh/config not
> sufficient?  Is this behaviour a bug or a feature?
>
> BTW these experiences are with the RPM for Red Hat 7.3
>
>
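
The two client-side preconditions this thread turns on (the system-wide setting named in the error message, and a set-uid root ssh-keysign), checked in one place. This is an added example, not part of the original posts or of OpenSSH; the function names and the paths passed in are assumptions, as is the rule that only the global section and `Host *` blocks of the system file count.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Succeeds if the first HostbasedAuthentication value found in global scope
# or under "Host *" is "yes". Assumption: the helper reads the system file
# with no target host, so host-specific blocks never apply to it.
sys_hostbased_enabled() {
    awk '
        BEGIN { applies = 1 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t]*=[ \t]*/, " ", line)     # accept "keyword=value"
            n = split(line, f, /[ \t]+/)
            key = tolower(f[1])                 # keywords are case-insensitive
            if (key == "host") {
                applies = 0
                for (i = 2; i <= n; i++) if (f[i] == "*") applies = 1
                next
            }
            # ssh_config semantics: the first value obtained wins
            if (key == "hostbasedauthentication" && applies && found == "") {
                found = tolower(f[2])
            }
        }
        END { exit (found == "yes" ? 0 : 1) }
    ' "$1"
}

# Succeeds if FILE has the set-uid bit and is owned by uid 0.
keysign_setuid_root() {
    [ -u "$1" ] && [ "$(ls -ln "$1" | awk '{ print $3 }')" = "0" ]
}

# Prints one line per precondition; returns the number of failed checks.
check_hostbased_client() {
    fails=0
    if sys_hostbased_enabled "$1"; then echo "ok:   $1 enables HostbasedAuthentication"
    else echo "FAIL: HostbasedAuthentication not enabled in $1"; fails=$((fails + 1)); fi
    if keysign_setuid_root "$2"; then echo "ok:   $2 is set-uid root"
    else echo "FAIL: $2 is not set-uid root"; fails=$((fails + 1)); fi
    return "$fails"
}
# Usage: check_hostbased_client /etc/ssh/ssh_config /path/to/ssh-keysign
```

The ssh-keysign location differs between distributions, so pass the path your package installs.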



