In the last episode (Aug 20), Dag-Erling Smorgrav said: > Maxim Konovalov <maxim_at_macomnet.ru> writes: > > DES, is it OK to commit a following patch? Or you were going to > > deprecate ENABLE_SUID_SSH? We still have it in make.conf(5), > > share/examples/etc/make.conf and ssh-keysign/Makefile. > > The whole point with ssh-keysign is to separate out the parts of ssh > that need a setuid bit. It should not be necessary for ssh to have a > setuid bit if ssh-keysign does, which is what ENABLE_SUID_SSH > controls these days. ssh-keysign doesn't yet handle SSH 1 keys, though, and a non-root ssh can't use UsePrivilegedPort which may be needed for RhostsRSAAuthentication with older servers. If you're only using SSH-2 keys, and you're only talking to new sshds, then no, you don't need ENABLE_SUID_SSH. -- Dan Nelson dnelson_at_allantgroup.comReceived on Fri Aug 20 2004 - 12:18:31 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:07 UTC