apparent ssh_config fascism

Markus Friedl markus at openbsd.org
Mon Nov 18 21:12:01 EST 2002


On Fri, Nov 15, 2002 at 01:03:42PM -0600, Ben Lindstrom wrote:
> 
> Because man 'ssh-keysign' says:
> 
>  	     [..] Since they
>              are readable only by root, ssh-keysign must be set-uid root if
>              hostbased authentication is used.
> 
> So it does the user no good to enabled it if ssh-keysign is not setuid.

but that's not the reason. the sysadmin might now want you to use
the hostkey, so she has to decide if ssh-keysign should be
enabled.

having the sysadmin remove the sbit is not an option, so it's
controlled by the config file.



More information about the openssh-unix-dev mailing list