apparent ssh_config fascism
Ben Lindstrom
mouring at etoh.eviladmin.org
Tue Nov 19 01:06:22 EST 2002
Just stated that it may have the setuid bit removed if the admin is
locking down a box and decided the feature was not required and he's
rather not have yet another setuid binary running around.
So it is not just a simple 'switch' you throw and it magicly works. Which
is what the original poster was trying to imply.
- Ben
On Mon, 18 Nov 2002, Markus Friedl wrote:
> On Fri, Nov 15, 2002 at 01:03:42PM -0600, Ben Lindstrom wrote:
> >
> > Because man 'ssh-keysign' says:
> >
> > [..] Since they
> > are readable only by root, ssh-keysign must be set-uid root if
> > hostbased authentication is used.
> >
> > So it does the user no good to enabled it if ssh-keysign is not setuid.
>
> but that's not the reason. the sysadmin might now want you to use
> the hostkey, so she has to decide if ssh-keysign should be
> enabled.
>
> having the sysadmin remove the sbit is not an option, so it's
> controlled by the config file.
> _______________________________________________
> openssh-unix-dev at mindrot.org mailing list
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>
More information about the openssh-unix-dev
mailing list