- stevesk@cvs.openbsd.org 2002/06/09 22:15:15

[ssh.1] update for no setuid root and ssh-keysign; ok deraadt@
author: Ben Lindstrom <mouring@eviladmin.org> 2002-06-11 15:45:02 +0000
committer: Ben Lindstrom <mouring@eviladmin.org> 2002-06-11 15:45:02 +0000
commit: 5cac423871b406a474149c5a0c3b1085ef1fd0f4 (patch)
tree: 281f1df169a858a56e6ddae3951ad0d624e83494
parent: 494709decba82070ac7094d09a93685d5f038fee (diff)
2 files changed, 26 insertions, 5 deletions
diff --git a/ChangeLog b/ChangeLog
index fdfc0f0d4..34a863b1b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
 20020611
 - (bal) ssh-agent.c RCSD fix (|unexpand already done)
+ - (bal) OpenBSD CVS Sync
+   - stevesk@cvs.openbsd.org 2002/06/09 22:15:15
+     [ssh.1]
+     update for no setuid root and ssh-keysign; ok deraadt@
 20020609
 - (bal) OpenBSD CVS Sync
@@ -865,4 +869,4 @@
 - (stevesk) entropy.c: typo in debug message
 - (djm) ssh-keygen -i needs seeded RNG; report from markus@
-$Id: ChangeLog,v 1.2199 2002/06/11 15:42:53 mouring Exp $
+$Id: ChangeLog,v 1.2200 2002/06/11 15:45:02 mouring Exp $
diff --git a/ssh.1 b/ssh.1
index ada58e1eb..49b50c391 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.154 2002/06/08 05:17:01 markus Exp $
+.\" $OpenBSD: ssh.1,v 1.155 2002/06/09 22:15:15 stevesk Exp $
 .Dd September 25, 1999
 .Dt SSH 1
 .Os
@@ -1105,7 +1105,9 @@ or
 .Dq no .
 The default is
 .Dq yes .
-This option applies to protocol version 1 only.
+This option applies to protocol version 1 only and requires
+.Nm
+to be setuid root.
 .It Cm RSAAuthentication
 Specifies whether to try RSA authentication.
 The argument to this keyword must be
@@ -1376,9 +1378,23 @@ and are used for
 .Cm RhostsRSAAuthentication
 and
 .Cm HostbasedAuthentication .
-Since they are readable only by root
+If the protocol version 1
+.Cm RhostsRSAAuthentication
+method is used, 
+.Nm
+must be setuid root, since the host key is readable only by root.
+For protocol version 2,
+.Nm
+uses
+.Xr ssh-keysign 8
+to access the host keys for
+.Cm HostbasedAuthentication .
+This eliminates the requirement that
+.Nm
+be setuid root when that authentication method is used.
+By default
 .Nm
-must be setuid root if these authentication methods are desired.
+is not setuid root.
 .It Pa $HOME/.rhosts
 This file is used in
 .Pa \&.rhosts
@@ -1483,6 +1499,7 @@ protocol versions 1.5 and 2.0.
 .Xr ssh-agent 1 ,
 .Xr ssh-keygen 1 ,
 .Xr telnet 1 ,
+.Xr ssh-keysign 8,
 .Xr sshd 8
 .Rs
 .%A T. Ylonen
author	Ben Lindstrom <mouring@eviladmin.org>	2002-06-11 15:45:02 +0000
committer	Ben Lindstrom <mouring@eviladmin.org>	2002-06-11 15:45:02 +0000
commit	5cac423871b406a474149c5a0c3b1085ef1fd0f4 (patch)
tree	281f1df169a858a56e6ddae3951ad0d624e83494
parent	494709decba82070ac7094d09a93685d5f038fee (diff)

diff --git a/ChangeLog b/ChangeLog index fdfc0f0d4..34a863b1b 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -1,5 +1,9 @@
1	20020611	1	20020611
2	- (bal) ssh-agent.c RCSD fix (\|unexpand already done)	2	- (bal) ssh-agent.c RCSD fix (\|unexpand already done)
		3	- (bal) OpenBSD CVS Sync
		4	- stevesk@cvs.openbsd.org 2002/06/09 22:15:15
		5	[ssh.1]
		6	update for no setuid root and ssh-keysign; ok deraadt@
3		7
4	20020609	8	20020609
5	- (bal) OpenBSD CVS Sync	9	- (bal) OpenBSD CVS Sync
@@ -865,4 +869,4 @@
865	- (stevesk) entropy.c: typo in debug message	869	- (stevesk) entropy.c: typo in debug message
866	- (djm) ssh-keygen -i needs seeded RNG; report from markus@	870	- (djm) ssh-keygen -i needs seeded RNG; report from markus@
867		871
868	$Id: ChangeLog,v 1.2199 2002/06/11 15:42:53 mouring Exp $	872	$Id: ChangeLog,v 1.2200 2002/06/11 15:45:02 mouring Exp $


diff --git a/ssh.1 b/ssh.1 index ada58e1eb..49b50c391 100644 --- a/ssh.1 +++ b/ssh.1
@@ -34,7 +34,7 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: ssh.1,v 1.154 2002/06/08 05:17:01 markus Exp $	37	.\" $OpenBSD: ssh.1,v 1.155 2002/06/09 22:15:15 stevesk Exp $
38	.Dd September 25, 1999	38	.Dd September 25, 1999
39	.Dt SSH 1	39	.Dt SSH 1
40	.Os	40	.Os
@@ -1105,7 +1105,9 @@ or
1105	.Dq no .	1105	.Dq no .
1106	The default is	1106	The default is
1107	.Dq yes .	1107	.Dq yes .
1108	This option applies to protocol version 1 only.	1108	This option applies to protocol version 1 only and requires
		1109	.Nm
		1110	to be setuid root.
1109	.It Cm RSAAuthentication	1111	.It Cm RSAAuthentication
1110	Specifies whether to try RSA authentication.	1112	Specifies whether to try RSA authentication.
1111	The argument to this keyword must be	1113	The argument to this keyword must be
@@ -1376,9 +1378,23 @@ and are used for
1376	.Cm RhostsRSAAuthentication	1378	.Cm RhostsRSAAuthentication
1377	and	1379	and
1378	.Cm HostbasedAuthentication .	1380	.Cm HostbasedAuthentication .
1379	Since they are readable only by root	1381	If the protocol version 1
		1382	.Cm RhostsRSAAuthentication
		1383	method is used,
		1384	.Nm
		1385	must be setuid root, since the host key is readable only by root.
		1386	For protocol version 2,
		1387	.Nm
		1388	uses
		1389	.Xr ssh-keysign 8
		1390	to access the host keys for
		1391	.Cm HostbasedAuthentication .
		1392	This eliminates the requirement that
		1393	.Nm
		1394	be setuid root when that authentication method is used.
		1395	By default
1380	.Nm	1396	.Nm
1381	must be setuid root if these authentication methods are desired.	1397	is not setuid root.
1382	.It Pa $HOME/.rhosts	1398	.It Pa $HOME/.rhosts
1383	This file is used in	1399	This file is used in
1384	.Pa \&.rhosts	1400	.Pa \&.rhosts
@@ -1483,6 +1499,7 @@ protocol versions 1.5 and 2.0.
1483	.Xr ssh-agent 1 ,	1499	.Xr ssh-agent 1 ,
1484	.Xr ssh-keygen 1 ,	1500	.Xr ssh-keygen 1 ,
1485	.Xr telnet 1 ,	1501	.Xr telnet 1 ,
		1502	.Xr ssh-keysign 8,
1486	.Xr sshd 8	1503	.Xr sshd 8
1487	.Rs	1504	.Rs
1488	.%A T. Ylonen	1505	.%A T. Ylonen