suid bit sshd
Dan Nelson
dnelson at allantgroup.com
Fri Aug 20 07:18:31 PDT 2004
In the last episode (Aug 20), Dag-Erling Smorgrav said:
> Maxim Konovalov <maxim at macomnet.ru> writes:
> > DES, is it OK to commit a following patch? Or you were going to
> > deprecate ENABLE_SUID_SSH? We still have it in make.conf(5),
> > share/examples/etc/make.conf and ssh-keysign/Makefile.
>
> The whole point with ssh-keysign is to separate out the parts of ssh
> that need a setuid bit. It should not be necessary for ssh to have a
> setuid bit if ssh-keysign does, which is what ENABLE_SUID_SSH
> controls these days.
ssh-keysign doesn't yet handle SSH 1 keys, though, and a non-root ssh
can't use UsePrivilegedPort which may be needed for
RhostsRSAAuthentication with older servers. If you're only using SSH-2
keys, and you're only talking to new sshds, then no, you don't need
ENABLE_SUID_SSH.
--
Dan Nelson
dnelson at allantgroup.com
More information about the freebsd-current
mailing list