summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBen Lindstrom <mouring@eviladmin.org>2002-06-11 15:45:02 +0000
committerBen Lindstrom <mouring@eviladmin.org>2002-06-11 15:45:02 +0000
commit5cac423871b406a474149c5a0c3b1085ef1fd0f4 (patch)
tree281f1df169a858a56e6ddae3951ad0d624e83494
parent494709decba82070ac7094d09a93685d5f038fee (diff)
- stevesk@cvs.openbsd.org 2002/06/09 22:15:15
[ssh.1] update for no setuid root and ssh-keysign; ok deraadt@
-rw-r--r--ChangeLog6
-rw-r--r--ssh.125
2 files changed, 26 insertions, 5 deletions
diff --git a/ChangeLog b/ChangeLog
index fdfc0f0d..34a863b1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
20020611
- (bal) ssh-agent.c RCSD fix (|unexpand already done)
+ - (bal) OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2002/06/09 22:15:15
+ [ssh.1]
+ update for no setuid root and ssh-keysign; ok deraadt@
20020609
- (bal) OpenBSD CVS Sync
@@ -865,4 +869,4 @@
- (stevesk) entropy.c: typo in debug message
- (djm) ssh-keygen -i needs seeded RNG; report from markus@
-$Id: ChangeLog,v 1.2199 2002/06/11 15:42:53 mouring Exp $
+$Id: ChangeLog,v 1.2200 2002/06/11 15:45:02 mouring Exp $
diff --git a/ssh.1 b/ssh.1
index ada58e1e..49b50c39 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.154 2002/06/08 05:17:01 markus Exp $
+.\" $OpenBSD: ssh.1,v 1.155 2002/06/09 22:15:15 stevesk Exp $
.Dd September 25, 1999
.Dt SSH 1
.Os
@@ -1105,7 +1105,9 @@ or
.Dq no .
The default is
.Dq yes .
-This option applies to protocol version 1 only.
+This option applies to protocol version 1 only and requires
+.Nm
+to be setuid root.
.It Cm RSAAuthentication
Specifies whether to try RSA authentication.
The argument to this keyword must be
@@ -1376,9 +1378,23 @@ and are used for
.Cm RhostsRSAAuthentication
and
.Cm HostbasedAuthentication .
-Since they are readable only by root
+If the protocol version 1
+.Cm RhostsRSAAuthentication
+method is used,
+.Nm
+must be setuid root, since the host key is readable only by root.
+For protocol version 2,
+.Nm
+uses
+.Xr ssh-keysign 8
+to access the host keys for
+.Cm HostbasedAuthentication .
+This eliminates the requirement that
+.Nm
+be setuid root when that authentication method is used.
+By default
.Nm
-must be setuid root if these authentication methods are desired.
+is not setuid root.
.It Pa $HOME/.rhosts
This file is used in
.Pa \&.rhosts
@@ -1483,6 +1499,7 @@ protocol versions 1.5 and 2.0.
.Xr ssh-agent 1 ,
.Xr ssh-keygen 1 ,
.Xr telnet 1 ,
+.Xr ssh-keysign 8,
.Xr sshd 8
.Rs
.%A T. Ylonen