- stevesk@cvs.openbsd.org 2002/06/10 17:45:20

     [readconf.c ssh.1]
     change RhostsRSAAuthentication and RhostsAuthentication default to no
     since ssh is no longer setuid root by default; ok markus@

diff --git a/ChangeLog b/ChangeLog
index 59c210ba574d020259859e32b9019bae6ccaa8d4..d8c2c94a4284a3bf396f417cc973a38eb609b73b 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -17,6 +17,10 @@
      [ssh-add.1 ssh-add.c]
      use convtime() to parse and validate key lifetime.  can now
      use '-t 2h' etc.  ok markus@ provos@
+   - stevesk@cvs.openbsd.org 2002/06/10 17:45:20
+     [readconf.c ssh.1]
+     change RhostsRSAAuthentication and RhostsAuthentication default to no
+     since ssh is no longer setuid root by default; ok markus@
 
 20020609
  - (bal) OpenBSD CVS Sync

diff --git a/readconf.c b/readconf.c
index 79c27ae15e6f9fcab833f1f68177905569bbf01a..9defef1de5675b7fbe38e26e7e197217db43ab01 100644 (file)
--- a/readconf.c
+++ b/readconf.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.98 2002/06/08 12:46:14 markus Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.99 2002/06/10 17:45:20 stevesk Exp $");
 
 #include "ssh.h"
 #include "xmalloc.h"
@@ -816,7 +816,7 @@ fill_default_options(Options * options)
        if (options->use_privileged_port == -1)
                options->use_privileged_port = 0;
        if (options->rhosts_authentication == -1)
-               options->rhosts_authentication = 1;
+               options->rhosts_authentication = 0;
        if (options->rsa_authentication == -1)
                options->rsa_authentication = 1;
        if (options->pubkey_authentication == -1)
@@ -840,7 +840,7 @@ fill_default_options(Options * options)
        if (options->kbd_interactive_authentication == -1)
                options->kbd_interactive_authentication = 1;
        if (options->rhosts_rsa_authentication == -1)
-               options->rhosts_rsa_authentication = 1;
+               options->rhosts_rsa_authentication = 0;
        if (options->hostbased_authentication == -1)
                options->hostbased_authentication = 0;
        if (options->batch_mode == -1)

diff --git a/ssh.1 b/ssh.1
index 49b50c391ead11fe2856ccc9aa82ac991c4c2fb1..0f68e7e696b133f9c2661a40ee8e3d45b0fb17bf 100644 (file)
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.155 2002/06/09 22:15:15 stevesk Exp $
+.\" $OpenBSD: ssh.1,v 1.156 2002/06/10 17:45:20 stevesk Exp $
 .Dd September 25, 1999
 .Dt SSH 1
 .Os
@@ -1083,9 +1083,6 @@ Specifies whether to try rhosts based authentication.
 Note that this
 declaration only affects the client side and has no effect whatsoever
 on security.
-Disabling rhosts authentication may reduce
-authentication time on slow connections when rhosts authentication is
-not used.
 Most servers do not permit RhostsAuthentication because it
 is not secure (see
 .Cm RhostsRSAAuthentication ) .
@@ -1094,7 +1091,7 @@ The argument to this keyword must be
 or
 .Dq no .
 The default is
-.Dq yes .
+.Dq no .
 This option applies to protocol version 1 only.
 .It Cm RhostsRSAAuthentication
 Specifies whether to try rhosts based authentication with RSA host
@@ -1104,7 +1101,7 @@ The argument must be
 or
 .Dq no .
 The default is
-.Dq yes .
+.Dq no .
 This option applies to protocol version 1 only and requires
 .Nm
 to be setuid root.