apparent ssh_config fascism
Markus Friedl
markus at openbsd.org
Mon Nov 18 21:12:01 EST 2002
On Fri, Nov 15, 2002 at 01:03:42PM -0600, Ben Lindstrom wrote:
>
> Because man 'ssh-keysign' says:
>
> [..] Since they
> are readable only by root, ssh-keysign must be set-uid root if
> hostbased authentication is used.
>
> So it does the user no good to enabled it if ssh-keysign is not setuid.
but that's not the reason. the sysadmin might now want you to use
the hostkey, so she has to decide if ssh-keysign should be
enabled.
having the sysadmin remove the sbit is not an option, so it's
controlled by the config file.
More information about the openssh-unix-dev
mailing list