Hi!

On Mon, 17 Jan 2000 mcmahill@mtl.mit.edu wrote:

> the problem is that PVM is compiled with the 'rsh' command set to 'ssh'.
> To add to the complications, you need to be able to simply do:
> 
> ssh altair
> 
> and get a prompt.  This means you need Rhosts with RSA authentication set
> in /etc/sshd_config (the default).  However, the ssh binary needs to be
> set to suid for this to work.

no, not really, and this is not the 'most secure' way to do this.

I don't know the software you're talking about, but using RSA host
authentication isn't optimal. better use RSA authentication by key, and
configure the authorized_keys on the target system to allow only
accesses from a specific IP, executing ONLY the necessary, not allowing to
forward any ports, and not giving a pty.
you can avoid being asked for the passphrase of the identity by not
setting one, but you really should only use it for this tasks and with
this restrictions then.

consider having a closer look at the manpages of ssh(1), ssh-keygen(1) and
sshd(8)

Regards

   Count

-- 
  -= Andreas Kotes - mailto:count@flatline.de - Questions? Just ask =-
 -= Are you doing what you are able to do to support peace on earth? =-
-= Commercial use of my email address NOT allowed. PGP key available. =-