rhosts-rsa is no longer automagically disabled if ssh is not privileged.

UsePrivilegedPort=no disables rhosts-rsa _only_ for old servers.
these changes should not change the visible default behaviour of the ssh client.

1 files changed, 7 insertions, 12 deletions

diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c
index 7c8dd17fffa..845df62b960 100644
--- a/usr.bin/ssh/ssh.c
+++ b/usr.bin/ssh/ssh.c
@@ -39,7 +39,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.76 2000/12/12 22:30:01 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.77 2000/12/12 23:11:48 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/dsa.h>
@@ -547,10 +547,9 @@ main(int ac, char **av)
 
 	/* Disable rhosts authentication if not running as root. */
 	if (original_effective_uid != 0 || !options.use_privileged_port) {
-		debug("Rhosts Authentication methods disabled, "
+		debug("Rhosts Authentication disabled, "
 		    "originating port will not be trusted.");
 		options.rhosts_authentication = 0;
-		options.rhosts_rsa_authentication = 0;
 	}
 	/*
 	 * If using rsh has been selected, exec it now (without trying
@@ -573,17 +572,13 @@ main(int ac, char **av)
 	/* Restore our superuser privileges. */
 	restore_uid();
 
-	/*
-	 * Open a connection to the remote host.  This needs root privileges
-	 * if rhosts_{rsa_}authentication is enabled.
-	 */
+	/* Open a connection to the remote host. */
 
 	ok = ssh_connect(host, &hostaddr, options.port,
-			 options.connection_attempts,
-			 !options.rhosts_authentication &&
-			 !options.rhosts_rsa_authentication,
-			 original_real_uid,
-			 options.proxy_command);
+	    options.connection_attempts,
+	    original_effective_uid != 0 || !options.use_privileged_port,
+	    original_real_uid,
+	    options.proxy_command);
 
 	/*
 	 * If we successfully made the connection, load the host private key