- markus@cvs.openbsd.org 2002/02/11 16:17:55

[sshd.c]
     do not complain about port > 1024 if rhosts-auth is disabled

ChangeLog

@@ -7,6 +7,9 @@
    - markus@cvs.openbsd.org 2002/02/11 16:15:46
      [sshconnect1.c]
      include md5.h, not evp.h
+   - markus@cvs.openbsd.org 2002/02/11 16:17:55
+     [sshd.c]
+     do not complain about port > 1024 if rhosts-auth is disabled
 
 20020210
  - (djm) OpenBSD CVS Sync
@@ -7554,4 +7557,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1840 2002/02/13 02:54:27 djm Exp $
+$Id: ChangeLog,v 1.1841 2002/02/13 02:54:44 djm Exp $

sshd.c

@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.224 2002/02/04 12:15:25 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.225 2002/02/11 16:17:55 markus Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -1207,8 +1207,9 @@ main(int ac, char **av)
 	 * machine, he can connect from any port.  So do not use these
 	 * authentication methods from machines that you do not trust.
 	 */
-	if (remote_port >= IPPORT_RESERVED ||
+	if (options.rhosts_authentication &&
-	    remote_port < IPPORT_RESERVED / 2) {
+	    (remote_port >= IPPORT_RESERVED ||
+	    remote_port < IPPORT_RESERVED / 2)) {
 		debug("Rhosts Authentication disabled, "
 		    "originating port %d not trusted.", remote_port);
 		options.rhosts_authentication = 0;