author | Kevin Steves <stevesk@pobox.com> | 2000-12-15 19:55:48 +0000 |
---|---|---|
committer | Kevin Steves <stevesk@pobox.com> | 2000-12-15 19:55:48 +0000 |
commit | fcec7f82bb394762afce0801f43bad6d2a4b4a86 (patch) | |
tree | c746459c01b391b6e316e97ba47098eb05cc0068 /sshd.c | |
parent | fa72ddac73e3549cf5d399fae31bfb5a293ed0cc (diff) |
- markus@cvs.openbsd.org 2000/12/12 14:45:21
[sshd.c]
source port < 1024 is no longer required for rhosts-rsa since it
adds no additional security.
- markus@cvs.openbsd.org 2000/12/12 16:11:49
[ssh.1 ssh.c]
rhosts-rsa is no longer automagically disabled if ssh is not privileged.
UsePrivilegedPort=no disables rhosts-rsa _only_ for old servers.
these changes should not change the visible default behaviour of the ssh client.
Diffstat (limited to 'sshd.c')
-rw-r--r-- | sshd.c | 9 |
1 files changed, 4 insertions, 5 deletions
@@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.136 2000/12/05 16:47:28 todd Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.137 2000/12/12 21:45:21 markus Exp $"); #include "xmalloc.h" #include "rsa.h" @@ -1119,18 +1119,17 @@ main(int ac, char **av) sshd_exchange_identification(sock_in, sock_out); /* - * Check that the connection comes from a privileged port. Rhosts- - * and Rhosts-RSA-Authentication only make sense from priviledged + * Check that the connection comes from a privileged port. + * Rhosts-Authentication only makes sense from priviledged * programs. Of course, if the intruder has root access on his local * machine, he can connect from any port. So do not use these * authentication methods from machines that you do not trust. */ if (remote_port >= IPPORT_RESERVED || remote_port < IPPORT_RESERVED / 2) { - debug("Rhosts Authentication methods disabled, " + debug("Rhosts Authentication disabled, " "originating port not trusted."); options.rhosts_authentication = 0; - options.rhosts_rsa_authentication = 0; } #ifdef KRB4 if (!packet_connection_is_ipv4() && |
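Review bot: In the second hunk (main(), around line 1119) the rewritten comment no longer says why Rhosts-RSA stays enabled for connections from unprivileged source ports, and its last sentence still reads "these authentication methods" although the block now clears only `options.rhosts_authentication`. With `options.rhosts_rsa_authentication = 0;` removed, the source-port test no longer gates that method at all, so it presumably rests entirely on the client host key verification, which is not visible in this hunk. I would record that in the comment, e.g. `* Rhosts-RSA-Authentication is not restricted by source port; it relies on the client host key check instead.`, and change "these authentication methods" to "this authentication method". The new comment line also keeps the spelling "priviledged". main() starts and ends outside the hunk.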