From mboxrd@z Thu Jan 1 00:00:00 1970 From: erik quanstrom Date: Fri, 27 Nov 2009 11:27:54 -0500 To: lucio@proxima.alt.za, 9fans@9fans.net Message-ID: In-Reply-To: <<6762cbd7bf173e42934a64dc83c8c058@proxima.alt.za>> References: <<6762cbd7bf173e42934a64dc83c8c058@proxima.alt.za>> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Subject: Re: [9fans] SSH server Topicbox-Message-UUID: a46be2c0-ead5-11e9-9d60-3106f5b1d025 > >> so i don't think that '*' is required. however i think that > >> running from /rc/bin/service.auth is. > > > > You can do one or the other. > > The latter should be deprecated, the former uses the Plan 9 security > model as intended. At least, that's my _opinion_. they're not equivalent. giving none the ability to authenticate with the host's ssh key seems like a really bad idea to me. trivial attack: none could run a hacked ssheserve with a key logger. - erik