Subject: Re: setuid ssh
To: Atsushi Onoe <onoe@sm.sony.co.jp>
From: Jason R Thorpe <thorpej@zembu.com>
List: tech-security
Date: 10/18/2000 08:05:04
Date: Wed, 18 Oct 2000 08:05:04 -0700
Cc: sommerfeld@orchard.arlington.ma.us, atatat@atatdot.net,
	cjs@cynic.net, hubert.feyrer@informatik.fh-regensburg.de,
	tech-security@netbsd.org
Message-ID: <20001018080504.A290@dr-evil.shagadelic.org>
Reply-To: thorpej@zembu.com
Mail-Followup-To: Jason R Thorpe <thorpej@zembu.com>,
	Atsushi Onoe <onoe@sm.sony.co.jp>,
	sommerfeld@orchard.arlington.ma.us, atatat@atatdot.net,
	cjs@cynic.net, hubert.feyrer@informatik.fh-regensburg.de,
	tech-security@netbsd.org
References: <20001018131128.9F5132A2A@orchard.arlington.ma.us> <200010181326.e9IDQLv03069@duplo.sm.sony.co.jp>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2i
In-Reply-To: <200010181326.e9IDQLv03069@duplo.sm.sony.co.jp>; from onoe@sm.sony.co.jp on Wed, Oct 18, 2000 at 10:26:21PM +0900
Organization: Zembu Labs, Inc.

On Wed, Oct 18, 2000 at 10:26:21PM +0900, Atsushi Onoe wrote:

 > I think .rhosts/rsa configuration may still be suitable for some
 > environment; e.g. remote backup from cron.  Perhaps you want to set
 > IgnoreUserKnownHosts.
 > 
 > I'm afraid that disabling all authentication other than user's RSA
 > causes proliferation of ssh-agent, which looks more harmful than
 > rhosts/rsa authentication.

Yes, and I'm particularly annoyed that the change to de-setuid ssh
was made without any discussion.

PLEASE back out the change that de-setuid's ssh -- some people really
do use rhosts/rsa authentication legitimately.

-- 
        -- Jason R. Thorpe <thorpej@zembu.com>