summaryrefslogtreecommitdiff
path: root/sshd.c
diff options
context:
space:
mode:
authorKevin Steves <stevesk@pobox.com>2000-12-15 19:55:48 +0000
committerKevin Steves <stevesk@pobox.com>2000-12-15 19:55:48 +0000
commitfcec7f82bb394762afce0801f43bad6d2a4b4a86 (patch)
treec746459c01b391b6e316e97ba47098eb05cc0068 /sshd.c
parentfa72ddac73e3549cf5d399fae31bfb5a293ed0cc (diff)
- markus@cvs.openbsd.org 2000/12/12 14:45:21
[sshd.c] source port < 1024 is no longer required for rhosts-rsa since it adds no additional security. - markus@cvs.openbsd.org 2000/12/12 16:11:49 [ssh.1 ssh.c] rhosts-rsa is no longer automagically disabled if ssh is not privileged. UsePrivilegedPort=no disables rhosts-rsa _only_ for old servers. these changes should not change the visible default behaviour of the ssh client.
Diffstat (limited to 'sshd.c')
-rw-r--r--sshd.c9
1 files changed, 4 insertions, 5 deletions
diff --git a/sshd.c b/sshd.c
index 66930544..0c9cdead 100644
--- a/sshd.c
+++ b/sshd.c
@@ -40,7 +40,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.136 2000/12/05 16:47:28 todd Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.137 2000/12/12 21:45:21 markus Exp $");
#include "xmalloc.h"
#include "rsa.h"
@@ -1119,18 +1119,17 @@ main(int ac, char **av)
sshd_exchange_identification(sock_in, sock_out);
/*
- * Check that the connection comes from a privileged port. Rhosts-
- * and Rhosts-RSA-Authentication only make sense from priviledged
+ * Check that the connection comes from a privileged port.
+ * Rhosts-Authentication only makes sense from priviledged
* programs. Of course, if the intruder has root access on his local
* machine, he can connect from any port. So do not use these
* authentication methods from machines that you do not trust.
*/
if (remote_port >= IPPORT_RESERVED ||
remote_port < IPPORT_RESERVED / 2) {
- debug("Rhosts Authentication methods disabled, "
+ debug("Rhosts Authentication disabled, "
"originating port not trusted.");
options.rhosts_authentication = 0;
- options.rhosts_rsa_authentication = 0;
}
#ifdef KRB4
if (!packet_connection_is_ipv4() &&