ssh-keysign is setuid root
The ssh-keysign binary is only used by the ssh command for authentication via the client’s private host key (as opposed to the user’s key) and username, a scheme which is rarely used and has dubious security properties. Since bugs in this program could yield local root compromise or expose the host key to users (allowing MITM attacks against ssh logins), this program should be considered high-risk and should not be installed setuid by default. It could be moved to a separate optional package or just removed.
(from redmine: issue id 3311, created on 2014-08-27, closed on 2014-12-09)
- Changesets:
  - Revision faaf8297 by Natanael Copa on 2014-08-27T10:51:44Z:

    main/openssh: move ssh-keysign to separate subpackage

    This is a helper utility for host-based authentication, which is
    disabled by default and normally not needed.
    We move it to subpackage because it is suid root.

    fixes #3311
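
One way to check a host for the condition this issue describes, a setuid ssh-keysign installed while host-based authentication is left disabled. This is an added example, not code from the issue or from the openssh package. The install paths are assumed common locations, the function names are hypothetical, and the ssh_config parsing is deliberately simplified.

```shell
#!/bin/sh
# Added example: flag a setuid ssh-keysign that nothing on the host needs.

# Assumed install locations (they differ per distribution; adjust as needed).
KEYSIGN_PATHS="/usr/lib/ssh/ssh-keysign /usr/lib/openssh/ssh-keysign
/usr/libexec/openssh/ssh-keysign /usr/libexec/ssh-keysign"

# is_setuid FILE: true if FILE is a regular file with the setuid bit set.
is_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# keysign_enabled CONFIG: true if CONFIG sets "EnableSSHKeysign yes".
# Simplified parser: first occurrence wins, accepts "key value" and
# "key=value", strips comments, ignores Include and Host/Match scoping.
keysign_enabled() {
    [ -r "$1" ] || return 1
    val=$(awk '{ sub(/#.*/, ""); gsub(/=/, " ") }
               tolower($1) == "enablesshkeysign" { print tolower($2); exit }' "$1")
    [ "$val" = "yes" ]
}

# audit_keysign CONFIG FILE...: returns 1 if any FILE is setuid while
# CONFIG leaves the helper disabled, i.e. pure unused attack surface.
audit_keysign() {
    cfg=$1; shift
    status=0
    for p in "$@"; do
        is_setuid "$p" || continue
        if keysign_enabled "$cfg"; then
            echo "INFO: $p is setuid and EnableSSHKeysign is yes (in use)"
        else
            echo "WARN: $p is setuid but EnableSSHKeysign is not enabled"
            status=1
        fi
    done
    return "$status"
}

# Audit the local system; unquoted on purpose so the path list word-splits.
audit_keysign /etc/ssh/ssh_config $KEYSIGN_PATHS || true
```

A WARN line means the binary can be removed, or its setuid bit cleared, without affecting any configured login method on that host.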