From 4b3d23b41266cfc4bd54d0a3e2acc22bdf228c6d Mon Sep 17 00:00:00 2001 From: mouring Date: Tue, 11 Jun 2002 15:53:05 +0000 Subject: [PATCH] - stevesk@cvs.openbsd.org 2002/06/10 17:45:20 [readconf.c ssh.1] change RhostsRSAAuthentication and RhostsAuthentication default to no since ssh is no longer setuid root by default; ok markus@ --- ChangeLog | 4 ++++ readconf.c | 6 +++--- ssh.1 | 9 +++------ 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index 59c210ba..d8c2c94a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -17,6 +17,10 @@ [ssh-add.1 ssh-add.c] use convtime() to parse and validate key lifetime. can now use '-t 2h' etc. ok markus@ provos@ + - stevesk@cvs.openbsd.org 2002/06/10 17:45:20 + [readconf.c ssh.1] + change RhostsRSAAuthentication and RhostsAuthentication default to no + since ssh is no longer setuid root by default; ok markus@ 20020609 - (bal) OpenBSD CVS Sync diff --git a/readconf.c b/readconf.c index 79c27ae1..9defef1d 100644 --- a/readconf.c +++ b/readconf.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readconf.c,v 1.98 2002/06/08 12:46:14 markus Exp $"); +RCSID("$OpenBSD: readconf.c,v 1.99 2002/06/10 17:45:20 stevesk Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -816,7 +816,7 @@ fill_default_options(Options * options) if (options->use_privileged_port == -1) options->use_privileged_port = 0; if (options->rhosts_authentication == -1) - options->rhosts_authentication = 1; + options->rhosts_authentication = 0; if (options->rsa_authentication == -1) options->rsa_authentication = 1; if (options->pubkey_authentication == -1) 
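Review bot: The new default `options->rhosts_authentication = 0;` has no comment explaining why it differs from the neighbouring `rsa_authentication = 1`, so the reason (ssh is no longer setuid root by default) is recorded only in the commit message. A comment above the assignment would keep it with the code, for example `/* off by default: ssh is no longer installed setuid root */`. The same applies to `options->rhosts_rsa_authentication = 0;` in the hunk at -840. This default only decides whether the client attempts the method, as the ssh.1 text in this patch says, so server-side acceptance still has to be reviewed in the server configuration. fill_default_options begins and ends outside both hunks.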
@@ -840,7 +840,7 @@ fill_default_options(Options * options) if (options->kbd_interactive_authentication == -1) options->kbd_interactive_authentication = 1; if (options->rhosts_rsa_authentication == -1) - options->rhosts_rsa_authentication = 1; + options->rhosts_rsa_authentication = 0; if (options->hostbased_authentication == -1) options->hostbased_authentication = 0; if (options->batch_mode == -1) diff --git a/ssh.1 b/ssh.1 index 49b50c39..0f68e7e6 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.155 2002/06/09 22:15:15 stevesk Exp $ +.\" $OpenBSD: ssh.1,v 1.156 2002/06/10 17:45:20 stevesk Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -1083,9 +1083,6 @@ Specifies whether to try rhosts based authentication. Note that this declaration only affects the client side and has no effect whatsoever on security. -Disabling rhosts authentication may reduce -authentication time on slow connections when rhosts authentication is -not used. Most servers do not permit RhostsAuthentication because it is not secure (see .Cm RhostsRSAAuthentication ) . @@ -1094,7 +1091,7 @@ The argument to this keyword must be or .Dq no . The default is -.Dq yes . +.Dq no . This option applies to protocol version 1 only. .It Cm RhostsRSAAuthentication Specifies whether to try rhosts based authentication with RSA host @@ -1104,7 +1101,7 @@ The argument must be or .Dq no . The default is -.Dq yes . +.Dq no . This option applies to protocol version 1 only and requires .Nm to be setuid root. -- 2.45.2
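Review bot: An explicit `RhostsRSAAuthentication yes` on a client that is not setuid root is left unaddressed by this default flip, although the ssh.1 entry kept by this patch says the option requires ssh to be setuid root. Whether the client reports that case is not visible in this diff, because the code that consumes `options->rhosts_rsa_authentication` is outside it. If it currently skips the method silently, a line such as `debug("RhostsRSAAuthentication enabled but ssh is not setuid root; method skipped");` at that point would let an administrator see why the method is never tried. fill_default_options continues beyond this hunk.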