ENABLE_SUID_SSH in make.conf

David Malone dwmalone at maths.tcd.ie
Wed Oct 18 08:36:07 UTC 2006


On Wed, Oct 18, 2006 at 09:25:28AM +0200, Oliver Fromme wrote:
> That name exists for historical reasons.  Some time ago it
> was ssh(1) itself which got the suid bit in order to be
> able to read the private host key (which is readable by
> root only).  Access to that key is required for host-based
> authentication (disabled by default).  Hence the variable
> named ENABLE_SSH_SUID.

There is another reason for wanting this. If you still use the ssh1
RSARhosts authentication mechanism, then it needs ssh to be suid
root because using a privileged port is part of the authentication
mechanism (combined with signing using the host key). This has been
more or less replaced by the ssh-keysign stuff, but I guess some
people may still be depending on it.

	David.


More information about the freebsd-stable mailing list