[19115] in bugtraq
Re: Bug in ssh client (open ssh 2.3.0)
daemon@ATHENA.MIT.EDU (rafal wiosna)
Fri Feb 9 19:25:21 2001
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-2
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Message-Id: <20010209192136.S21723@orfika.office.polbox.pl>
Date: Fri, 9 Feb 2001 19:21:36 +0100
Reply-To: rafal wiosna <rafamiga@UUCP.POLBOX.PL>
From: rafal wiosna <rafamiga@UUCP.POLBOX.PL>
X-To: owner-bugtraq@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20010209095934.A20783@ania.profnet.pl>; from mezon@PROFNET.PL on
Fri, Feb 09, 2001 at 09:59:34AM +0100
* Tomasz Ku<niar wrote:
> Ssh client is suid, so it could be real problem. Must check source...
SUID is only needed when using rhosts or rshost-rsa authentication.
Many installations don't need it. Just set this option [taken from man ssh]:
UsePrivilegedPort
Specifies whether to use a privileged port for outgoing connec-
tions. The argument must be `yes'' or `no''. The default is
`yes''. Note that setting this option to `no'' turns off
RhostsAuthentication and RhostsRSAAuthentication.
--
__________________________________________________________________________
rafal wiosna * Polbox On-Line Service * Fidonet 2:480/33 * In ARP we trust
Powered by /usr/local/bin/joe B.O.F.P (alias|free).polbox.pl admin * AR155
RAFD-RIPE * PGP nyckeln finns tillgdnglig pe www.se.pgp.net (ID: 3CDCB7A9)
