apparent ssh_config fascism

Ben Lindstrom mouring at
Tue Nov 19 01:06:22 EST 2002

Just stated that it may have the setuid bit removed if the admin is
locking down a box and decided the feature was not required and he's
rather not have yet another setuid binary running around.

So it is not just a simple 'switch' you throw and it magicly works.  Which
is what the original poster was trying to imply.

- Ben

On Mon, 18 Nov 2002, Markus Friedl wrote:

> On Fri, Nov 15, 2002 at 01:03:42PM -0600, Ben Lindstrom wrote:
> >
> > Because man 'ssh-keysign' says:
> >
> >  	     [..] Since they
> >              are readable only by root, ssh-keysign must be set-uid root if
> >              hostbased authentication is used.
> >
> > So it does the user no good to enabled it if ssh-keysign is not setuid.
> but that's not the reason. the sysadmin might now want you to use
> the hostkey, so she has to decide if ssh-keysign should be
> enabled.
> having the sysadmin remove the sbit is not an option, so it's
> controlled by the config file.
> _______________________________________________
> openssh-unix-dev at mailing list

More information about the openssh-unix-dev mailing list