apparent ssh_config fascism
Phillip Brown
P.Brown at mmu.ac.uk
Mon Nov 18 23:39:05 EST 2002
After reading the man page for ssh-keysign, some admins might be unaware
that root can use Hostbased authentication by only having a setting
in .ssh/config without having to think about the ramifications of going
down the /etc/ssh/ssh_config route. Maybe man ssh-keysign should be
fleshed out a little to make the exception absolutely clear.
The fact that Hostbased authentication needs to be enabled in
/etc/ssh/ssh_config to make the method available to users other than
root, even when ssh-keysign is suid root, suggests that it should be a
decision the administrator should not take lightly - and hence that such
ramifications do exist. Perhaps there are scenarios of abuse or am I
reading to much into this?
More information about the openssh-unix-dev
mailing list