[readconf.c ssh.1]
     change RhostsRSAAuthentication and RhostsAuthentication default to no
     since ssh is no longer setuid root by default; ok markus@
Ben Lindstrom 2002-06-11 15:53:05 +00:00
parent 1775c9c97a
commit 2bf8276393
3 changed files with 11 additions and 10 deletions


@ -17,6 +17,10 @@
[ssh-add.1 ssh-add.c] [ssh-add.1 ssh-add.c]
use convtime() to parse and validate key lifetime. can now use convtime() to parse and validate key lifetime. can now
use '-t 2h' etc. ok markus@ provos@ use '-t 2h' etc. ok markus@ provos@
- stevesk@cvs.openbsd.org 2002/06/10 17:45:20
[readconf.c ssh.1]
change RhostsRSAAuthentication and RhostsAuthentication default to no
since ssh is no longer setuid root by default; ok markus@
20020609 20020609
- (bal) OpenBSD CVS Sync - (bal) OpenBSD CVS Sync
@ -882,4 +886,4 @@
- (stevesk) entropy.c: typo in debug message - (stevesk) entropy.c: typo in debug message
- (djm) ssh-keygen -i needs seeded RNG; report from markus@ - (djm) ssh-keygen -i needs seeded RNG; report from markus@
$Id: ChangeLog,v 1.2204 2002/06/11 15:51:54 mouring Exp $ $Id: ChangeLog,v 1.2205 2002/06/11 15:53:05 mouring Exp $


@ -12,7 +12,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: readconf.c,v 1.98 2002/06/08 12:46:14 markus Exp $"); RCSID("$OpenBSD: readconf.c,v 1.99 2002/06/10 17:45:20 stevesk Exp $");
#include "ssh.h" #include "ssh.h"
#include "xmalloc.h" #include "xmalloc.h"
@ -816,7 +816,7 @@ fill_default_options(Options * options)
if (options->use_privileged_port == -1) if (options->use_privileged_port == -1)
options->use_privileged_port = 0; options->use_privileged_port = 0;
if (options->rhosts_authentication == -1) if (options->rhosts_authentication == -1)
options->rhosts_authentication = 1; options->rhosts_authentication = 0;
if (options->rsa_authentication == -1) if (options->rsa_authentication == -1)
options->rsa_authentication = 1; options->rsa_authentication = 1;
if (options->pubkey_authentication == -1) if (options->pubkey_authentication == -1)
@ -840,7 +840,7 @@ fill_default_options(Options * options)
if (options->kbd_interactive_authentication == -1) if (options->kbd_interactive_authentication == -1)
options->kbd_interactive_authentication = 1; options->kbd_interactive_authentication = 1;
if (options->rhosts_rsa_authentication == -1) if (options->rhosts_rsa_authentication == -1)
options->rhosts_rsa_authentication = 1; options->rhosts_rsa_authentication = 0;
if (options->hostbased_authentication == -1) if (options->hostbased_authentication == -1)
options->hostbased_authentication = 0; options->hostbased_authentication = 0;
if (options->batch_mode == -1) if (options->batch_mode == -1)
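Review bot: The two flipped defaults in fill_default_options (`options->rhosts_authentication = 0;` and `options->rhosts_rsa_authentication = 0;`) sit in separate hunks with no comment, so the reason they differ from the neighbouring `rsa_authentication = 1` is recorded only in the commit message. A one-line comment above each, such as `/* off by default: only usable when ssh is installed setuid root, which is no longer the default */`, would keep a later cleanup from switching them back on. Installations that still ship ssh setuid root and relied on the implicit "yes" will stop offering these methods after upgrade unless the option is set explicitly in ssh_config, which is worth a release note beyond the ssh.1 edit. The function body starts and ends outside both hunks, so any interaction with the existing `use_privileged_port = 0` default could not be checked from here.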

9
ssh.1

@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.\" $OpenBSD: ssh.1,v 1.155 2002/06/09 22:15:15 stevesk Exp $ .\" $OpenBSD: ssh.1,v 1.156 2002/06/10 17:45:20 stevesk Exp $
.Dd September 25, 1999 .Dd September 25, 1999
.Dt SSH 1 .Dt SSH 1
.Os .Os
@ -1083,9 +1083,6 @@ Specifies whether to try rhosts based authentication.
Note that this Note that this
declaration only affects the client side and has no effect whatsoever declaration only affects the client side and has no effect whatsoever
on security. on security.
Disabling rhosts authentication may reduce
authentication time on slow connections when rhosts authentication is
not used.
Most servers do not permit RhostsAuthentication because it Most servers do not permit RhostsAuthentication because it
is not secure (see is not secure (see
.Cm RhostsRSAAuthentication ) . .Cm RhostsRSAAuthentication ) .
@ -1094,7 +1091,7 @@ The argument to this keyword must be
or or
.Dq no . .Dq no .
The default is The default is
.Dq yes . .Dq no .
This option applies to protocol version 1 only. This option applies to protocol version 1 only.
.It Cm RhostsRSAAuthentication .It Cm RhostsRSAAuthentication
Specifies whether to try rhosts based authentication with RSA host Specifies whether to try rhosts based authentication with RSA host
@ -1104,7 +1101,7 @@ The argument must be
or or
.Dq no . .Dq no .
The default is The default is
.Dq yes . .Dq no .
This option applies to protocol version 1 only and requires This option applies to protocol version 1 only and requires
.Nm .Nm
to be setuid root. to be setuid root.