Subject: Re: i386 IO access and chroot()
To: Michael Richardson <firstname.lastname@example.org>
From: Andrew Brown <email@example.com>
Date: 07/16/2001 03:00:29
On Sat, Jul 14, 2001 at 11:36:28PM -0400, Michael Richardson wrote:
> Greg> done the authentication, but that's a separate issue). As I
> Greg> understand the Unix security model in combination with the SSH
> Greg> protocol this means that SSH must run as root on both ends and the
> Greg> initial use of a TCP port less than 1024 is key to the web of trust
> SSH can emulate "rhost" <1024 stuff if you insist. That is not the default.
> You can permit RhostRSA to use RSA to authenticate hosts. That depends upon
> access to /etc/ssh_host_key, which is why ssh client is often setuid. This
> also is often not the default. (although setuid ssh has been the default in
a suid ssh client gains you two modes of authentication which are sort
of similar, but not the same: RhostsAuthentication and
RhostsRSAAuthentication. the former requires the client to be
connecting to the server from a "privileged" port and the latter
requires privileges on the client machine to read the file called (eg)
/etc/ssh_host_key. i don't recall off the top of my head if the use
of a "privileged" port is required for this form of authentication to
> Most use of ssh does not require any of this.
|-----< "CODE WARRIOR" >-----|
firstname.lastname@example.org * "ah! i see you have the internet
email@example.com (Andrew Brown) that goes *ping*!"
firstname.lastname@example.org * "information is power -- share the wealth."
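
An added example, not part of the original message: a small audit that reads a client configuration for the two modes named above (RhostsAuthentication and RhostsRSAAuthentication) and compares the result with whether the ssh client binary is setuid root. The function names and finding codes are hypothetical, the sample configuration is constructed, and Host/Match scoping is assumed absent.

```python
import stat

# The two authentication modes named in the message above.
LEGACY_MODES = ("rhostsauthentication", "rhostsrsaauthentication")

def parse_legacy_modes(config_text):
    """Return {keyword: value or None}; keywords are case-insensitive,
    '=' may separate keyword and value, and the first value seen wins.
    Host/Match scoping is ignored (assumption: a flat config)."""
    found = dict.fromkeys(LEGACY_MODES)
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        if len(parts) >= 2 and parts[0].lower() in found:
            key = parts[0].lower()
            if found[key] is None:
                found[key] = parts[1].lower()
    return found

def is_setuid_root(st_mode, st_uid):
    """True when the mode carries the setuid bit and root owns the file."""
    return bool(st_mode & stat.S_ISUID) and st_uid == 0

def audit(config_text, st_mode, st_uid):
    """Return finding codes for a config plus the client binary's stat data."""
    modes = parse_legacy_modes(config_text)
    setuid = is_setuid_root(st_mode, st_uid)
    findings = []
    if modes["rhostsauthentication"] == "yes":
        findings.append("RHOSTS_ENABLED")        # relies on a source port < 1024
    if modes["rhostsrsaauthentication"] == "yes":
        findings.append("RHOSTS_RSA_ENABLED")    # relies on reading the host key
    if findings and not setuid:
        findings.append("MODE_ENABLED_WITHOUT_SETUID")  # mode lacks its privilege
    elif setuid and not findings:
        findings.append("SETUID_NOT_NEEDED")     # bit set, neither mode in use
    return findings

# Constructed sample input, not taken from any real host.
SAMPLE = """\
# constructed ssh_config fragment
rhostsauthentication = no
RhostsRSAAuthentication yes
RhostsRSAAuthentication no
"""

if __name__ == "__main__":
    print(audit(SAMPLE, 0o104711, 0))
```

In real use the last two arguments to audit() come from os.stat() on the ssh client binary (st_mode and st_uid).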