Subject: bin/12040: openssh rhosts rsa support requires setuid root ssh binary
To: None <firstname.lastname@example.org>
From: Duncan McEwan <duncan@MCS.VUW.AC.NZ>
Date: 01/24/2001 14:08:20
>Synopsis: openssh rhosts rsa support requires setuid root ssh binary
>Arrival-Date: Wed Jan 24 14:11:00 PST 2001
>Originator: Duncan McEwan
>Release: NetBSD-current of approx Jan 17th, 2001
>Organization:
Victoria University of Wellington, New Zealand
>Environment:
System: NetBSD rialto.mcs.vuw.ac.nz 1.5Q NetBSD 1.5Q (MCS_WORKSTATION) #0: Thu Jan 18 00:14:50 NZDT 2001 email@example.com:/src/work/src/sys/arch/i386/compile/MCS_WORKSTATION i386
>Description:
[I had a quick search of the PR database to see if this issue has
already been reported. As far as I could see, it hasn't been.]

With /usr/bin/ssh not being installed suid root, rhosts/rsa
authentication doesn't work (because the client ssh can't open its
local private key file (/etc/ssh_host_key)).
>How-To-Repeat:
Make sure you don't have personal RSA keys set up (in ~/.ssh/identity
and ~/.ssh/identity.pub files); that a pair of hosts (host1/host2) are
in each other's /etc/ssh_known_hosts or ~/.ssh/known_hosts files; and
host1 is in host2's ~/.shosts or /etc/shosts.equiv file. You would
now expect to be able to slogin/ssh from host1 to host2 without having
to provide a password, but you can't.
>Fix:
Figure out whether or not it is safe to install ssh setuid root. If
so, figure out whether we want to do so. If the answer to either is "no",
document the fact that rhosts/rsa authentication is not supported.
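
The dependency described in the report, as an added example that is not part of the original PR: a shell function that classifies, from `ls -ln` lines for the ssh client and the private host key, whether rhosts/RSA authentication can read the key. The function name, state names and sample listings (a root-owned, mode 0600 key) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the PR). Function name, state names and the
# sample listings below are constructed for illustration.

# rhosts_rsa_state SSH_LS KEY_LS [CALLER_UID]
# SSH_LS / KEY_LS are single `ls -ln` lines for the ssh client binary and
# the private host key. Prints one state:
#   exposed      key is world-readable: auth works, but any local user
#                can copy the host's private key
#   direct       caller is root or the key's owner and can read it
#   setuid       ssh is setuid to root or to the key's owner
#   unavailable  unprivileged ssh cannot open the key (the reported case)
# Group permissions are ignored to keep the example short.
rhosts_rsa_state() {
    caller=${3:-$(id -u)}
    read -r ssh_mode junk ssh_uid junk <<EOF
$1
EOF
    read -r key_mode junk key_uid junk <<EOF
$2
EOF
    case $key_mode in ???????r*) echo exposed; return ;; esac

    owner_can_read=no
    case $key_mode in ?r*) owner_can_read=yes ;; esac

    if [ "$caller" -eq 0 ] ||
       { [ "$caller" -eq "$key_uid" ] && [ "$owner_can_read" = yes ]; }; then
        echo direct; return
    fi

    case $ssh_mode in
    ???s*)  # setuid bit set together with owner execute
        if [ "$ssh_uid" -eq 0 ] ||
           { [ "$ssh_uid" -eq "$key_uid" ] && [ "$owner_can_read" = yes ]; }; then
            echo setuid; return
        fi ;;
    esac
    echo unavailable
}

# Constructed listings: root-owned mode 0600 key, ssh without and with setuid.
KEY='-rw-------  1 0 0    530 Jan 17 2001 /etc/ssh_host_key'
SSH_PLAIN='-r-xr-xr-x  1 0 0 200000 Jan 17 2001 /usr/bin/ssh'
SSH_SUID='-r-sr-xr-x  1 0 0 200000 Jan 17 2001 /usr/bin/ssh'

echo "plain ssh, uid 1000:  $(rhosts_rsa_state "$SSH_PLAIN" "$KEY" 1000)"
echo "setuid ssh, uid 1000: $(rhosts_rsa_state "$SSH_SUID" "$KEY" 1000)"
```

On a live system the two arguments would come from `ls -ln` run on the installed ssh binary and host key file.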