Subject: Re: ssh
To: Peter Svensson <petersv@df.lth.se>
From: Michael Graff <explorer@flame.org>
List: current-users
Date: 08/17/1996 17:25:22

Peter Svensson <petersv@df.lth.se> writes:
> Unless you want to replace rsh/rlogin with ssh. You can only use the
> one-key-per-person mode if ssh is not setuid. To allow one computer to trust
> the credentials of users from another they must run ssh suid, so it can
> allocate a low port (<1024) and read the ssh_host_key.

This isn't entirely true.

I use ssh to connect to the machine next to me all the time. I do need
to have my public key in the remote user's .ssh/authorized_keys file,
but it still works just fine.

My main reason to remove the setuid bit was so it could work through
our rather restrictive firewall.

--Michael