- stevesk@cvs.openbsd.org 2002/06/10 17:45:20
[readconf.c ssh.1]
change RhostsRSAAuthentication and RhostsAuthentication default to no
since ssh is no longer setuid root by default; ok markus@
diff --git a/ChangeLog b/ChangeLog
index ff2b771..40168ce 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -17,6 +17,10 @@
[ssh-add.1 ssh-add.c]
use convtime() to parse and validate key lifetime. can now
use '-t 2h' etc. ok markus@ provos@
+ - stevesk@cvs.openbsd.org 2002/06/10 17:45:20
+ [readconf.c ssh.1]
+ change RhostsRSAAuthentication and RhostsAuthentication default to no
+ since ssh is no longer setuid root by default; ok markus@
20020609
- (bal) OpenBSD CVS Sync
@@ -882,4 +886,4 @@
- (stevesk) entropy.c: typo in debug message
- (djm) ssh-keygen -i needs seeded RNG; report from markus@
-$Id: ChangeLog,v 1.2204 2002/06/11 15:51:54 mouring Exp $
+$Id: ChangeLog,v 1.2205 2002/06/11 15:53:05 mouring Exp $
diff --git a/readconf.c b/readconf.c
index 79c27ae..9defef1 100644
--- a/readconf.c
+++ b/readconf.c
@@ -12,7 +12,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.98 2002/06/08 12:46:14 markus Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.99 2002/06/10 17:45:20 stevesk Exp $");
#include "ssh.h"
#include "xmalloc.h"
@@ -816,7 +816,7 @@
if (options->use_privileged_port == -1)
options->use_privileged_port = 0;
if (options->rhosts_authentication == -1)
- options->rhosts_authentication = 1;
+ options->rhosts_authentication = 0;
if (options->rsa_authentication == -1)
options->rsa_authentication = 1;
if (options->pubkey_authentication == -1)
@@ -840,7 +840,7 @@
if (options->kbd_interactive_authentication == -1)
options->kbd_interactive_authentication = 1;
if (options->rhosts_rsa_authentication == -1)
- options->rhosts_rsa_authentication = 1;
+ options->rhosts_rsa_authentication = 0;
if (options->hostbased_authentication == -1)
options->hostbased_authentication = 0;
if (options->batch_mode == -1)
diff --git a/ssh.1 b/ssh.1
index 49b50c3..0f68e7e 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.155 2002/06/09 22:15:15 stevesk Exp $
+.\" $OpenBSD: ssh.1,v 1.156 2002/06/10 17:45:20 stevesk Exp $
.Dd September 25, 1999
.Dt SSH 1
.Os
@@ -1083,9 +1083,6 @@
Note that this
declaration only affects the client side and has no effect whatsoever
on security.
-Disabling rhosts authentication may reduce
-authentication time on slow connections when rhosts authentication is
-not used.
Most servers do not permit RhostsAuthentication because it
is not secure (see
.Cm RhostsRSAAuthentication ) .
@@ -1094,7 +1091,7 @@
or
.Dq no .
The default is
-.Dq yes .
+.Dq no .
This option applies to protocol version 1 only.
.It Cm RhostsRSAAuthentication
Specifies whether to try rhosts based authentication with RSA host
@@ -1104,7 +1101,7 @@
or
.Dq no .
The default is
-.Dq yes .
+.Dq no .
This option applies to protocol version 1 only and requires
.Nm
to be setuid root.