Re: Inconsistent behavior on openssh

From: Kris Kennaway (kris@obsecurity.org)
Date: 02/20/01

• Next message: gerald stoller: "Re: ftpd's read-only mode"
• Previous message: Romualdo Arcoverde: "WAVELAN IBSS 2 cards"
• In reply to: Matt Dillon: "Re: Inconsistent behavior on openssh"
• Next in thread: Fernando Schapachnik: "Re: Inconsistent behavior on openssh"
• Reply: Fernando Schapachnik: "Re: Inconsistent behavior on openssh"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Mon, 19 Feb 2001 15:35:42 -0800
From: Kris Kennaway <kris@obsecurity.org>
To: Matt Dillon <dillon@earth.backplane.com>

On Mon, Feb 19, 2001 at 10:34:47AM -0800, Matt Dillon wrote:
> :After installing the latest versions of openssh I noted that ssh will
> :not request rhost authentication if run by an user other than root.
> :This is because it can't bind to a low port, as it lost the suid bit.
> :This wasn't like this before.
> :
> :What is supposed to be the standard way of remote ssh logging
> :without password?
> :
> :TIA!
> :
> :Fernando P. Schapachnik
> :Administración de la red
> :VIA NET.WORKS ARGENTINA S.A.
> :fschapachnik@vianetworks.com.ar
> :Conmutador: (54-11) 4323-3333 - Soporte: 0810-333-AYUDA
>
> Simply install your ~/.ssh/identity.pub in your remote account's
> ~/.ssh/authorized_keys file. That's why I use. I've never in my
> life used .rhosts or .shosts with ssh.

Or if you really want to use RhostsRSAAuthentication, rebuild sshd
with ENABLE_SUID_SSH=true in /etc/make.conf

Kris

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

---

• application/pgp-signature attachment: stored

---

• Next message: gerald stoller: "Re: ftpd's read-only mode"
• Previous message: Romualdo Arcoverde: "WAVELAN IBSS 2 cards"
• In reply to: Matt Dillon: "Re: Inconsistent behavior on openssh"
• Next in thread: Fernando Schapachnik: "Re: Inconsistent behavior on openssh"
• Reply: Fernando Schapachnik: "Re: Inconsistent behavior on openssh"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Inconsistent behavior on openssh ... >> After installing the latest versions of openssh I noted that ssh will ... >> not request rhost authentication if run by an user other than root. ... (FreeBSD-Security) Re: Mksysb failed ... With the innstallation of the ML04 the ssh is now in the direcotry... ... Senior Technology Consultant ... I just installed ssh for AIX 5.1 and I've rebooted the server. ... By the way I'm installing ML04 in this server, that's why I was backing it ... (AIX-L) Re: OSR 5.0.5 and ssh. Can it be done ? jpr please help.. ... > implement ssh. ... I don't garuntee that the very latest version from either JP or SCO works, ... and installing a couple of skunkware packkages to get libz and prgngd. ... JP's package has directions. ... (comp.unix.sco.misc) Re: [Full-Disclosure] SSH Exploit Request ... sshd was linked on an AIX system with the 4.3.3.75 version of libc, ... <estimates number of SSH versions times number of machines, ... least 4 digits> So we've got some 99.98% reliability in installing sshd ... (Full-Disclosure) Re: allow SFTP FTP but not SSH. Can ?? ... After installing, can I ... configure to have only a few user account will only ... be restricted from SSH ?? ... Mail has the best spam protection around ... (Fedora)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > FreeBSD-Security  > 2001-02