Subject: Re: evil? sshd patch
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: Andrew Brown <atatat@atatdot.net>
List: tech-security
Date: 11/03/1999 17:26:16
Cc: tech-security@netbsd.org
Message-ID: <19991103172616.A25920@noc.untraceable.net>
Reply-To: Andrew Brown <atatat@atatdot.net>
References: <199911032217.RAA17029@Twig.Rodents.Montreal.QC.CA>
In-Reply-To: <199911032217.RAA17029@Twig.Rodents.Montreal.QC.CA>; from mouse@Rodents.Montreal.QC.CA on Wed, Nov 03, 1999 at 05:17:21PM -0500

>> while i understand your point (doing accounting and stuff, blah blah
>> blah) it really won't make much difference here, will it?
>
>It may.  I may have multiple superuser logins, some of which are
>captive in various ways; I need to specify, then, which one has "allow
>ssh as anyone" power.

root is root (meaning uid zero here, of course).  root cannot be made
a captive.  unless you've done something that you haven't told us
about.

>Or perhaps I want to set up a special account that can't normally be
>sshed to at all (maybe it's got /bin/false as a shell or something) but
>exists specifically to let me authorize certain keys as having the
>power to authorize access as anyone - that is, the magic account
>doesn't have to be a super-user.

um...ok.  i can't exactly wrap my brain around that one completely,
but i'm pretty sure i see what you mean.

>>    ssh -t fooroot@some.machine.com su - someluser
>
>Only if fooroot has a "normal" shell. :-)

ah, yes.  very true.  touche!

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
andrew@crossbar.com       * "information is power -- share the wealth."