Draven Loving
2. If i do decide to use the SSH source ...there's an option on the ./configure --disable-suid-ssh ..is this practical and does it have any security implications?
If you are paranoid (e.g., if you suspect exploitable bugs in ssh) you might consider it more secure not to have ssh suid-root. OTOH this makes it impossible for the ssh client (when used by a normal user) to bind to a priviledged port and to use the private hostkey for authentication, so any host based authentication (RhostsAuthentication and RhostsRSAAuthentication) will not work. I.e., not installing the ssh client suid-root will restrict you to RSAAuthentication (per user RSA-Keys) or PasswordAuthentication when logging in to a remote host. Eilert -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Eilert Brinkmann -- Universitaet Bremen -- FB 3, Informatik eilert@informatik.uni-bremen.de - eilert@tzi.org - eilert@linuxfreak.com http://www.informatik.uni-bremen.de/~eilert/