1 files changed, 21 insertions, 4 deletions
diff --git a/ssh.1 b/ssh.1
index ada58e1eb..49b50c391 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.154 2002/06/08 05:17:01 markus Exp $
+.\" $OpenBSD: ssh.1,v 1.155 2002/06/09 22:15:15 stevesk Exp $
 .Dd September 25, 1999
 .Dt SSH 1
 .Os
@@ -1105,7 +1105,9 @@ or
 .Dq no .
 The default is
 .Dq yes .
-This option applies to protocol version 1 only.
+This option applies to protocol version 1 only and requires
+.Nm
+to be setuid root.
 .It Cm RSAAuthentication
 Specifies whether to try RSA authentication.
 The argument to this keyword must be
@@ -1376,9 +1378,23 @@ and are used for
 .Cm RhostsRSAAuthentication
 and
 .Cm HostbasedAuthentication .
-Since they are readable only by root
+If the protocol version 1
+.Cm RhostsRSAAuthentication
+method is used, 
+.Nm
+must be setuid root, since the host key is readable only by root.
+For protocol version 2,
+.Nm
+uses
+.Xr ssh-keysign 8
+to access the host keys for
+.Cm HostbasedAuthentication .
+This eliminates the requirement that
+.Nm
+be setuid root when that authentication method is used.
+By default
 .Nm
-must be setuid root if these authentication methods are desired.
+is not setuid root.
 .It Pa $HOME/.rhosts
 This file is used in
 .Pa \&.rhosts
@@ -1483,6 +1499,7 @@ protocol versions 1.5 and 2.0.
 .Xr ssh-agent 1 ,
 .Xr ssh-keygen 1 ,
 .Xr telnet 1 ,
+.Xr ssh-keysign 8,
 .Xr sshd 8
 .Rs
 .%A T. Ylonen

diff --git a/ssh.1 b/ssh.1 index ada58e1eb..49b50c391 100644 --- a/ssh.1 +++ b/ssh.1
@@ -34,7 +34,7 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: ssh.1,v 1.154 2002/06/08 05:17:01 markus Exp $	37	.\" $OpenBSD: ssh.1,v 1.155 2002/06/09 22:15:15 stevesk Exp $
38	.Dd September 25, 1999	38	.Dd September 25, 1999
39	.Dt SSH 1	39	.Dt SSH 1
40	.Os	40	.Os
@@ -1105,7 +1105,9 @@ or
1105	.Dq no .	1105	.Dq no .
1106	The default is	1106	The default is
1107	.Dq yes .	1107	.Dq yes .
1108	This option applies to protocol version 1 only.	1108	This option applies to protocol version 1 only and requires
		1109	.Nm
		1110	to be setuid root.
1109	.It Cm RSAAuthentication	1111	.It Cm RSAAuthentication
1110	Specifies whether to try RSA authentication.	1112	Specifies whether to try RSA authentication.
1111	The argument to this keyword must be	1113	The argument to this keyword must be
@@ -1376,9 +1378,23 @@ and are used for
1376	.Cm RhostsRSAAuthentication	1378	.Cm RhostsRSAAuthentication
1377	and	1379	and
1378	.Cm HostbasedAuthentication .	1380	.Cm HostbasedAuthentication .
1379	Since they are readable only by root	1381	If the protocol version 1
		1382	.Cm RhostsRSAAuthentication
		1383	method is used,
		1384	.Nm
		1385	must be setuid root, since the host key is readable only by root.
		1386	For protocol version 2,
		1387	.Nm
		1388	uses
		1389	.Xr ssh-keysign 8
		1390	to access the host keys for
		1391	.Cm HostbasedAuthentication .
		1392	This eliminates the requirement that
		1393	.Nm
		1394	be setuid root when that authentication method is used.
		1395	By default
1380	.Nm	1396	.Nm
1381	must be setuid root if these authentication methods are desired.	1397	is not setuid root.
1382	.It Pa $HOME/.rhosts	1398	.It Pa $HOME/.rhosts
1383	This file is used in	1399	This file is used in
1384	.Pa \&.rhosts	1400	.Pa \&.rhosts
@@ -1483,6 +1499,7 @@ protocol versions 1.5 and 2.0.
1483	.Xr ssh-agent 1 ,	1499	.Xr ssh-agent 1 ,
1484	.Xr ssh-keygen 1 ,	1500	.Xr ssh-keygen 1 ,
1485	.Xr telnet 1 ,	1501	.Xr telnet 1 ,
		1502	.Xr ssh-keysign 8,
1486	.Xr sshd 8	1503	.Xr sshd 8
1487	.Rs	1504	.Rs
1488	.%A T. Ylonen	1505	.%A T. Ylonen