author | Ben Lindstrom <mouring@eviladmin.org> | 2002-06-11 15:53:05 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2002-06-11 15:53:05 +0000 |
commit | 2bf82763935991dd151eac3bc378eebbbaea3fdc (patch) | |
tree | 49f19281fba794b1d5ab23893da8f92dccd74f5f | |
parent | 1775c9c97af0559f7b6df766ce79d66a1e883379 (diff) |
- stevesk@cvs.openbsd.org 2002/06/10 17:45:20
[readconf.c ssh.1]
change RhostsRSAAuthentication and RhostsAuthentication default to no
since ssh is no longer setuid root by default; ok markus@
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | readconf.c | 6 | ||||
-rw-r--r-- | ssh.1 | 9 |
3 files changed, 11 insertions, 10 deletions
@@ -17,6 +17,10 @@ | |||
17 | [ssh-add.1 ssh-add.c] | 17 | [ssh-add.1 ssh-add.c] |
18 | use convtime() to parse and validate key lifetime. can now | 18 | use convtime() to parse and validate key lifetime. can now |
19 | use '-t 2h' etc. ok markus@ provos@ | 19 | use '-t 2h' etc. ok markus@ provos@ |
20 | - stevesk@cvs.openbsd.org 2002/06/10 17:45:20 | ||
21 | [readconf.c ssh.1] | ||
22 | change RhostsRSAAuthentication and RhostsAuthentication default to no | ||
23 | since ssh is no longer setuid root by default; ok markus@ | ||
20 | 24 | ||
21 | 20020609 | 25 | 20020609 |
22 | - (bal) OpenBSD CVS Sync | 26 | - (bal) OpenBSD CVS Sync |
@@ -882,4 +886,4 @@ | |||
882 | - (stevesk) entropy.c: typo in debug message | 886 | - (stevesk) entropy.c: typo in debug message |
883 | - (djm) ssh-keygen -i needs seeded RNG; report from markus@ | 887 | - (djm) ssh-keygen -i needs seeded RNG; report from markus@ |
884 | 888 | ||
885 | $Id: ChangeLog,v 1.2204 2002/06/11 15:51:54 mouring Exp $ | 889 | $Id: ChangeLog,v 1.2205 2002/06/11 15:53:05 mouring Exp $ |
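--- a/readconf.c
+++ b/readconf.c
@@ -12,7 +12,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.98 2002/06/08 12:46:14 markus Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.99 2002/06/10 17:45:20 stevesk Exp $");
 
 #include "ssh.h"
 #include "xmalloc.h"
@@ -816,7 +816,7 @@ fill_default_options(Options * options)
 if (options->use_privileged_port == -1)
 options->use_privileged_port = 0;
 if (options->rhosts_authentication == -1)
-options->rhosts_authentication = 1;
+options->rhosts_authentication = 0;
 if (options->rsa_authentication == -1)
 options->rsa_authentication = 1;
 if (options->pubkey_authentication == -1)
@@ -840,7 +840,7 @@ fill_default_options(Options * options)
 if (options->kbd_interactive_authentication == -1)
 options->kbd_interactive_authentication = 1;
 if (options->rhosts_rsa_authentication == -1)
-options->rhosts_rsa_authentication = 1;
+options->rhosts_rsa_authentication = 0;
 if (options->hostbased_authentication == -1)
 options->hostbased_authentication = 0;
 if (options->batch_mode == -1)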
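Review bot: The two defaults flipped at new lines 819 and 843 have no comment explaining why they are off, and they sit about twenty lines apart in fill_default_options, so the link to `use_privileged_port = 0` at line 817 is invisible to a later reader. The commit message gives the reason (ssh is no longer setuid root by default), and ssh.1 says RhostsRSAAuthentication requires a setuid-root client. I would add `/* rhosts-based auth needs a setuid-root client; off by default, like use_privileged_port */` above line 818 and a matching comment above line 842. Outside these hunks, presumably where the options are consumed, it is worth confirming that a user who sets either option to `yes` on a non-setuid client gets a diagnostic rather than a silently skipped method. fill_default_options starts and ends outside both hunks, so this is based only on the lines shown.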
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: ssh.1,v 1.155 2002/06/09 22:15:15 stevesk Exp $ | 37 | .\" $OpenBSD: ssh.1,v 1.156 2002/06/10 17:45:20 stevesk Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSH 1 | 39 | .Dt SSH 1 |
40 | .Os | 40 | .Os |
@@ -1083,9 +1083,6 @@ Specifies whether to try rhosts based authentication. | |||
1083 | Note that this | 1083 | Note that this |
1084 | declaration only affects the client side and has no effect whatsoever | 1084 | declaration only affects the client side and has no effect whatsoever |
1085 | on security. | 1085 | on security. |
1086 | Disabling rhosts authentication may reduce | ||
1087 | authentication time on slow connections when rhosts authentication is | ||
1088 | not used. | ||
1089 | Most servers do not permit RhostsAuthentication because it | 1086 | Most servers do not permit RhostsAuthentication because it |
1090 | is not secure (see | 1087 | is not secure (see |
1091 | .Cm RhostsRSAAuthentication ) . | 1088 | .Cm RhostsRSAAuthentication ) . |
@@ -1094,7 +1091,7 @@ The argument to this keyword must be | |||
1094 | or | 1091 | or |
1095 | .Dq no . | 1092 | .Dq no . |
1096 | The default is | 1093 | The default is |
1097 | .Dq yes . | 1094 | .Dq no . |
1098 | This option applies to protocol version 1 only. | 1095 | This option applies to protocol version 1 only. |
1099 | .It Cm RhostsRSAAuthentication | 1096 | .It Cm RhostsRSAAuthentication |
1100 | Specifies whether to try rhosts based authentication with RSA host | 1097 | Specifies whether to try rhosts based authentication with RSA host |
@@ -1104,7 +1101,7 @@ The argument must be | |||
1104 | or | 1101 | or |
1105 | .Dq no . | 1102 | .Dq no . |
1106 | The default is | 1103 | The default is |
1107 | .Dq yes . | 1104 | .Dq no . |
1108 | This option applies to protocol version 1 only and requires | 1105 | This option applies to protocol version 1 only and requires |
1109 | .Nm | 1106 | .Nm |
1110 | to be setuid root. | 1107 | to be setuid root. |