Re: suid bit sshd

From: Dan Nelson <dnelson_at_allantgroup.com>
Date: Fri, 20 Aug 2004 09:18:27 -0500
In the last episode (Aug 20), Dag-Erling Smorgrav said:
> Maxim Konovalov <maxim_at_macomnet.ru> writes:
> > DES, is it OK to commit a following patch?  Or you were going to
> > deprecate ENABLE_SUID_SSH?  We still have it in make.conf(5),
> > share/examples/etc/make.conf and ssh-keysign/Makefile.
> 
> The whole point with ssh-keysign is to separate out the parts of ssh
> that need a setuid bit.  It should not be necessary for ssh to have a
> setuid bit if ssh-keysign does, which is what ENABLE_SUID_SSH
> controls these days.

ssh-keysign doesn't yet handle SSH 1 keys, though, and a non-root ssh
can't use UsePrivilegedPort which may be needed for
RhostsRSAAuthentication with older servers.  If you're only using SSH-2
keys, and you're only talking to new sshds, then no, you don't need
ENABLE_SUID_SSH.

-- 
	Dan Nelson
	dnelson_at_allantgroup.com
Received on Fri Aug 20 2004 - 12:18:31 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:07 UTC