by mail.netbsd.org with SMTP; 18 Oct 2000 13:38:51 -0000
	id 2EB5C2A2A; Wed, 18 Oct 2000 09:38:49 -0400 (EDT)
	by orchard.arlington.ma.us (Postfix) with ESMTP
	id D640B1FCD; Wed, 18 Oct 2000 09:38:49 -0400 (EDT)
To: Atsushi Onoe <onoe@sm.sony.co.jp>
Cc: atatat@atatdot.net, cjs@cynic.net,
	hubert.feyrer@informatik.fh-regensburg.de, tech-security@netbsd.org
Subject: Re: setuid ssh 
In-Reply-To: Message from Atsushi Onoe <onoe@sm.sony.co.jp> 
   of "Wed, 18 Oct 2000 22:26:21 +0900." <200010181326.e9IDQLv03069@duplo.sm.sony.co.jp> 
Reply-To: sommerfeld@orchard.arlington.ma.us
Date: Wed, 18 Oct 2000 09:38:44 -0400
From: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
Message-Id: <20001018133849.2EB5C2A2A@orchard.arlington.ma.us>

> I think .rhosts/rsa configuration may still be suitable for some
> enviroment; e.g. remote backup from cron.  Perhaps you want to set
> IgnoreUserKnownHosts.

for backups, you can create a passphraseless trusted key in
~backup/.ssh and get roughly the same security properties without
requiring the ssh client to be setuid.

> I'm afraid that disabling all authentication other than user's RSA
> causes proliferation of ssh-agent, which looks more halmful than
> rhosts/rsa authentication.

the difference is that ssh-agent can be turned off when the user is
not present; this is not the case for .rhosts/rsa.

					- Bill