Add a question (and answer) about SSH and .shosts in newer FreeBSD

releases.

Requested by:	jkh
Parts submitted by:	-doc

en_US.ISO8859-1/books/faq/book.sgml

@@ -14,7 +14,7 @@
 
     <corpauthor>The FreeBSD Documentation Project</corpauthor>
 
-    <pubdate>$FreeBSD: doc/en_US.ISO_8859-1/books/faq/book.sgml,v 1.203 2001/05/22 17:17:44 ue Exp $</pubdate>
+    <pubdate>$FreeBSD: doc/en_US.ISO_8859-1/books/faq/book.sgml,v 1.204 2001/05/22 17:33:26 bmah Exp $</pubdate>
 
     <copyright>
       <year>1995</year>
@@ -7290,6 +7290,43 @@ define(`confDELIVERY_MODE',`deferred')dnl</programlisting>
             securelevel</link> and the &man.init.8; manual page.</para>
         </answer>
       </qandaentry>
+
+      <qandaentry>
+        <question id="ssh-shosts">
+	  <para>Why doesn't SSH authentication through
+	    <filename>.shosts</filename> work by default in recent
+	    versions of FreeBSD?</para>
+	</question>
+
+	<answer>
+	  <para>The reason why <filename>.shosts</filename>
+	    authentication does not work by default in more recent
+	    versions of FreeBSD is because &man.ssh.1; 
+	    is not installed suid root by default.  To
+	    <quote>fix</quote> this, you can do one of the
+	    following:</para>
+
+	  <itemizedlist>
+	    <listitem>
+	      <para>As a permanent fix, set
+		<makevar>ENABLE_SUID_SSH</makevar> to <literal>true</literal>
+		in <filename>/etc/make.conf</filename> and rebuild ssh
+		(or run <command>make world</command>).</para>
+	    </listitem>
+
+	    <listitem>
+	      <para>As a temporary fix, change the mode on
+		<filename>/usr/bin/ssh</filename> to <literal>4555</literal>
+		by running <command>chmod 4755 /usr/bin/ssh</command> as
+		<username>root</username>.  Then add
+		<makevar>ENABLE_SUID_SSH= true</makevar> to
+		<filename>/etc/make.conf</filename> so the change takes
+		effect the next time <command>make world</command> is
+		run.</para>
+	    </listitem>
+	  </itemizedlist>
+	</answer>
+      </qandaentry>
     </qandaset>
   </chapter>
 

en_US.ISO_8859-1/books/faq/book.sgml

@@ -14,7 +14,7 @@
 
     <corpauthor>The FreeBSD Documentation Project</corpauthor>
 
-    <pubdate>$FreeBSD: doc/en_US.ISO_8859-1/books/faq/book.sgml,v 1.203 2001/05/22 17:17:44 ue Exp $</pubdate>
+    <pubdate>$FreeBSD: doc/en_US.ISO_8859-1/books/faq/book.sgml,v 1.204 2001/05/22 17:33:26 bmah Exp $</pubdate>
 
     <copyright>
       <year>1995</year>
@@ -7290,6 +7290,43 @@ define(`confDELIVERY_MODE',`deferred')dnl</programlisting>
             securelevel</link> and the &man.init.8; manual page.</para>
         </answer>
       </qandaentry>
+
+      <qandaentry>
+        <question id="ssh-shosts">
+	  <para>Why doesn't SSH authentication through
+	    <filename>.shosts</filename> work by default in recent
+	    versions of FreeBSD?</para>
+	</question>
+
+	<answer>
+	  <para>The reason why <filename>.shosts</filename>
+	    authentication does not work by default in more recent
+	    versions of FreeBSD is because &man.ssh.1; 
+	    is not installed suid root by default.  To
+	    <quote>fix</quote> this, you can do one of the
+	    following:</para>
+
+	  <itemizedlist>
+	    <listitem>
+	      <para>As a permanent fix, set
+		<makevar>ENABLE_SUID_SSH</makevar> to <literal>true</literal>
+		in <filename>/etc/make.conf</filename> and rebuild ssh
+		(or run <command>make world</command>).</para>
+	    </listitem>
+
+	    <listitem>
+	      <para>As a temporary fix, change the mode on
+		<filename>/usr/bin/ssh</filename> to <literal>4555</literal>
+		by running <command>chmod 4755 /usr/bin/ssh</command> as
+		<username>root</username>.  Then add
+		<makevar>ENABLE_SUID_SSH= true</makevar> to
+		<filename>/etc/make.conf</filename> so the change takes
+		effect the next time <command>make world</command> is
+		run.</para>
+	    </listitem>
+	  </itemizedlist>
+	</answer>
+      </qandaentry>
     </qandaset>
   </chapter>