by mail.netbsd.org with SMTP; 19 Oct 2000 05:19:20 -0000
	by splode.eterna.com.au (Postfix) with ESMTP
	id 0C27A264E; Thu, 19 Oct 2000 16:19:16 +1100 (EST)
To: thorpej@zembu.com
Cc: cjs@cynic.net, tech-security@netbsd.org
subject: re: setuid ssh 
in-reply-to: your message of "Wed, 18 Oct 2000 08:05:04 PDT."
             <20001018080504.A290@dr-evil.shagadelic.org> 
organisation: people's front against (bozotic) www (softwar foundation)
x-other-organisation: The NetBSD Foundation.
Date: Thu, 19 Oct 2000 16:19:16 +1100
Message-ID: <28588.971932756@eterna.com.au>
From: matthew green <mrg@eterna.com.au>

   
    > I think .rhosts/rsa configuration may still be suitable for some
    > enviroment; e.g. remote backup from cron.  Perhaps you want to set
    > IgnoreUserKnownHosts.
    > 
    > I'm afraid that disabling all authentication other than user's RSA
    > causes proliferation of ssh-agent, which looks more halmful than
    > rhosts/rsa authentication.
   
   Yes, and I'm particularly annoyed that the change to de-setuid ssh
   was made without any discussion.
   
   PLEASE back out the change that de-setuid's ssh -- some people really
   do use rhosts/rsa authentication legitimately.


and some people legitimately *really* don't want ssh installed setuid.


that set would include me.


.mrg.