OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: [suse-security] more on SSH
From: Eilert Brinkmann (eilertInformatik.Uni-Bremen.DE)
Date: Fri Aug 25 2000 - 09:09:06 CDT


Draven Loving <greddygte.net> wrote:
> 2. If i do decide to use the SSH source ...there's an option on the
> ./configure --disable-suid-ssh ..is this practical and does it have
> any security implications?

If you are paranoid (e.g., if you suspect exploitable bugs in ssh) you
might consider it more secure not to have ssh suid-root. OTOH this
makes it impossible for the ssh client (when used by a normal user) to
bind to a priviledged port and to use the private hostkey for
authentication, so any host based authentication (RhostsAuthentication
and RhostsRSAAuthentication) will not work. I.e., not installing the
ssh client suid-root will restrict you to RSAAuthentication (per user
RSA-Keys) or PasswordAuthentication when logging in to a remote host.

Eilert

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       Eilert Brinkmann -- Universitaet Bremen -- FB 3, Informatik
eilertinformatik.uni-bremen.de - eilerttzi.org - eilertlinuxfreak.com
              http://www.informatik.uni-bremen.de/~eilert/

--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribesuse.com For additional commands, e-mail: suse-security-helpsuse.com