diff --git a/ChangeLog b/ChangeLog
index ff2b77155..40168ceec 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -17,6 +17,10 @@ [ssh-add.1 ssh-add.c] use convtime() to parse and validate key lifetime. can now use '-t 2h' etc. ok markus@ provos@
+ - stevesk@cvs.openbsd.org 2002/06/10 17:45:20
+ [readconf.c ssh.1]
+ change RhostsRSAAuthentication and RhostsAuthentication default to no
+ since ssh is no longer setuid root by default; ok markus@
 20020609 - (bal) OpenBSD CVS Sync
@@ -882,4 +886,4 @@ - (stevesk) entropy.c: typo in debug message - (djm) ssh-keygen -i needs seeded RNG; report from markus@
-$Id: ChangeLog,v 1.2204 2002/06/11 15:51:54 mouring Exp $
+$Id: ChangeLog,v 1.2205 2002/06/11 15:53:05 mouring Exp $
diff --git a/readconf.c b/readconf.c
index 79c27ae15..9defef1de 100644
--- a/readconf.c
+++ b/readconf.c
@@ -12,7 +12,7 @@ */
 #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.98 2002/06/08 12:46:14 markus Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.99 2002/06/10 17:45:20 stevesk Exp $");
 #include "ssh.h"
 #include "xmalloc.h"
@@ -816,7 +816,7 @@ fill_default_options(Options * options)
 if (options->use_privileged_port == -1)
 options->use_privileged_port = 0;
 if (options->rhosts_authentication == -1)
- options->rhosts_authentication = 1;
+ options->rhosts_authentication = 0;
 if (options->rsa_authentication == -1)
 options->rsa_authentication = 1;
 if (options->pubkey_authentication == -1)
@@ -840,7 +840,7 @@ fill_default_options(Options * options)
 if (options->kbd_interactive_authentication == -1)
 options->kbd_interactive_authentication = 1;
 if (options->rhosts_rsa_authentication == -1)
- options->rhosts_rsa_authentication = 1;
+ options->rhosts_rsa_authentication = 0;
 if (options->hostbased_authentication == -1)
 options->hostbased_authentication = 0;
 if (options->batch_mode == -1)
diff --git a/ssh.1 b/ssh.1
index 49b50c391..0f68e7e69 100644
--- a/ssh.1
+++ b/ssh.1
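Review bot: In readconf.c, the two defaults flipped to 0 in fill_default_options(), `rhosts_authentication` (hunk at -816) and `rhosts_rsa_authentication` (hunk at -840), have no comment explaining why they now differ from the `= 1` defaults around them. The reason appears only in the ChangeLog entry, so I would add a one-line comment above each assignment, e.g. `/* off by default: ssh is no longer installed setuid root */`, so that a later sync or cleanup does not turn rhosts-based methods back on. Anyone who relied on the implicit `yes` now has to set the option explicitly, so if the tree ships a sample ssh_config listing defaults it should probably change in the same commit; that file is not part of this diff. The function body starts and ends outside both hunks.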
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.155 2002/06/09 22:15:15 stevesk Exp $
+.\" $OpenBSD: ssh.1,v 1.156 2002/06/10 17:45:20 stevesk Exp $
 .Dd September 25, 1999
 .Dt SSH 1
 .Os
@@ -1083,9 +1083,6 @@ Specifies whether to try rhosts based authentication. Note that this declaration only affects the client side and has no effect whatsoever on security.
-Disabling rhosts authentication may reduce
-authentication time on slow connections when rhosts authentication is
-not used.
 Most servers do not permit RhostsAuthentication because it is not secure (see
 .Cm RhostsRSAAuthentication ) .
@@ -1094,7 +1091,7 @@ The argument to this keyword must be or
 .Dq no .
 The default is
-.Dq yes .
+.Dq no .
 This option applies to protocol version 1 only.
 .It Cm RhostsRSAAuthentication
 Specifies whether to try rhosts based authentication with RSA host
@@ -1104,7 +1101,7 @@ The argument must be or
 .Dq no .
 The default is
-.Dq yes .
+.Dq no .
 This option applies to protocol version 1 only and requires
 .Nm to be setuid root.