RE: OPENSSH 3.4p1-3 on AIX 4.3.3

From: Wilson, Richard E (richard.wilson@eds.com)
Date: 02/13/03

    From: "Wilson, Richard E" <richard.wilson@eds.com>
    To: "'Alf Nicolaysen'" <Alf.Nicolaysen@de.ibm.com>, secureshell@securityfocus.com
    Date: Thu, 13 Feb 2003 16:39:59 -0600
    
    

    Alf,

    I ran into a similar issue with a combination of Sun systems running SSH
    1.2.27 and Linux systems running a variety of recent OpenSSH versions.
    After some research I found that SSH v1 expects a low number (0-1024) port
    for such connections, the logic being that only a privileged process can
    allocate such ports (used to be true in the early days of UNIX, pretty
    meaningless now though). OpenSSH doesn't always use one of these
    "privileged" ports when it connects. It nearly drove me crazy because the
    behavior was not consistent.

    I sent this out to the mailing list asking for solutions and never got an
    answer; I solved my issues by using the ssh-agent process which apparently
    doesn't look at the ports.

    Hope this helps,

    Richard Wilson
    EDS

    -----Original Message-----
    From: Alf Nicolaysen [mailto:Alf.Nicolaysen@de.ibm.com]
    Sent: Thursday, February 13, 2003 1:43 AM
    To: secureshell@securityfocus.com
    Subject: OPENSSH 3.4p1-3 on AIX 4.3.3

    Hi all!

    I try to substitute a normal rsh/rlogin environment to a ssh-environment on
    some AIX 4.3.3 machines. For this environment I want to establish a
    PasswordAuthentication (with all its security risks) and, if present, a
    secure login without password using .shosts. Here starts the problem. There
    is no way, as far as I tested, to use a .shosts file. In any case this file
    will be ignored, regardless of modes, ownerships or user.

    There are two ways of logging into a machine:
    1) A normal ssh to a machine and I have to give the password.
    2) I first copy the id_rsa.pub of the user into the authorized_keys of the
    second machine and then I can login into the machine without password.

    With RhostsAuthentication, I get the only worthful message into the debug
    message:

    debug1: Rhosts Authentication disabled, originating port 33754 not trusted.

    How can the server machine trust a non-privileged port, that is chosen
    randomly??

    What went wrong here?

    regards

    Alf Nicolaysen
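
The source-port test discussed in both messages, as an added example (not code from the thread or from OpenSSH): the accepting side reads the peer's port and trusts it only if it is reserved, and `main` shows an ordinary client on loopback failing that test because the kernel gives it an ephemeral port. The names `peer_port`, `port_is_trusted`, `loopback_addr` and `RESERVED_LIMIT` are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>
#define RESERVED_LIMIT 1024 /* assumption: the low-port bound quoted in the thread */

/* Peer's source port in host byte order, or -1 for a non-IP address. */
int peer_port(const struct sockaddr *sa)
{
    if (sa->sa_family == AF_INET)
        return ntohs(((const struct sockaddr_in *)sa)->sin_port);
    if (sa->sa_family == AF_INET6)
        return ntohs(((const struct sockaddr_in6 *)sa)->sin6_port);
    return -1;
}

/* 1 if the connection came from a reserved (privileged) port, else 0. */
int port_is_trusted(const struct sockaddr *sa)
{
    int port = peer_port(sa);
    return port > 0 && port < RESERVED_LIMIT;
}

/* Constructed sample address: IPv4 loopback with the given port. */
struct sockaddr_in loopback_addr(unsigned short port)
{
    struct sockaddr_in a = {0};
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    a.sin_port = htons(port);
    return a;
}

int main(void)
{
    /* Listener on an OS-chosen port; the client connects without binding first. */
    struct sockaddr_in srv = loopback_addr(0), peer;
    socklen_t len = sizeof(srv);
    int l = socket(AF_INET, SOCK_STREAM, 0), c = socket(AF_INET, SOCK_STREAM, 0), a;
    if (l < 0 || c < 0 || bind(l, (struct sockaddr *)&srv, len) < 0 || listen(l, 1) < 0 ||
        getsockname(l, (struct sockaddr *)&srv, &len) < 0 ||
        connect(c, (struct sockaddr *)&srv, len) < 0) { perror("setup"); return 1; }
    len = sizeof(peer);
    if ((a = accept(l, (struct sockaddr *)&peer, &len)) < 0) { perror("accept"); return 1; }
    printf("originating port %d %s\n", peer_port((struct sockaddr *)&peer),
           port_is_trusted((struct sockaddr *)&peer) ? "trusted" : "not trusted");
    close(a); close(c); close(l);
    return 0;
}
```

A client can only pass this test by binding a reserved port before connecting, which requires privilege on the client host; that is the entire basis of the trust decision.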


