OPENSSH 3.4p1-3 on AIX 4.3.3

From: Alf Nicolaysen (Alf.Nicolaysen@de.ibm.com)
Date: 02/13/03

  • Next message: Greg ***: "Re: AIX 5.2 and SSH3.2.x from ssh.com" 
    To: secureshell@securityfocus.com
From: "Alf Nicolaysen" <Alf.Nicolaysen@de.ibm.com>
Date: Thu, 13 Feb 2003 08:42:46 +0100

    Hi all!

    I try to substitute a normal rsh/rlogin environment to a ssh-environment
    on some AIX 4.3.3 machines. For this environment I want to establish a
    PasswordAuthentication (with all his security risks) and, if present, a
    secure login without password using .shosts. Here starts the problem. There
    is no way, as far as I tested, to use a .shosts file. In any case this file
    will be ignored, regardless of modes, ownerships or user.

    There a two ways of loging into a machine: 1) A normal ssh to a machine and
    i have to give the password.
    2) I first copy the id_rsa.pub of the user into the authorized_keys of the
    second machine and then i can login into the machine without password.

    With RhostsAuthentication, I get the only worthful message into the debug
    message:

    debug1: Rhosts Authentication disabled, originating port 33754 not trusted.

    How can the server machine trust a non-privileged port, that is choosen
    randomly??

    What went wrong here?

    regards

    Alf Nicolaysen

    • Quantcast