ssh does this if (and only if) it runs setuid root. The reason is
that if the other side allows .rhosts (rsh-style) authentication, it
has to know that it is indeed talking to a bona fide ssh on the other
side, and not a user-spoof process.
If you don't install ssh .rhosts authentication will fail even if
enabled at the target site, but ssh will behave like any other TCP
process.
rsh does the same thing, and there you don't even have any
alternatives.
-hpa
-- PGP: 2047/2A960705 BA 03 D3 2C 14 A8 A8 BD 1E DF FE 69 EE 35 BD 74 See http://www.zytor.com/~hpa/ for web page and full PGP public key Always looking for a few good BOsFH. ** Linux - the OS of global cooperation I am Baha'i -- ask me about it or see http://www.bahai.org/