Re: OPENSSH 3.4p1-3 on AIX 4.3.3

From: Alf Nicolaysen (Alf.Nicolaysen@de.ibm.com)
Date: 02/14/03

  • Next message: Vangli, Bent: "VS: Strange problem with forwarding X11 traffic - solution !!!"
    To: Neil Martin <Neil@Car-Part.com>
    From: "Alf Nicolaysen" <Alf.Nicolaysen@de.ibm.com>
    Date: Fri, 14 Feb 2003 08:55:31 +0100
    
    

    Neil,

    thx for your answer so far. I tested it immediately and: It did not work!
    Here`s the output for the server in debug modus:

    debug1: Server will not fork when running in debugging mode.
    Connection from 9.164.18.128 port 982
    debug1: Client protocol version 1.5; client software version OpenSSH_3.4p1
    debug1: match: OpenSSH_3.4p1 pat OpenSSH*
    debug1: Local version string SSH-1.99-OpenSSH_3.4p1
    debug2: Network child is on pid 27530
    debug1: Sent 768 bit server key and 1024 bit host key.
    debug1: Encryption type: 3des
    debug2: monitor_read: 28 used once, disabling now
    debug2: monitor_read: 30 used once, disabling nowdebug1: cipher_init: set
    keylen (16 -> 32)

    debug1: cipher_init: set keylen (16 -> 32)
    debug1: Received session key; encryption turned on.
    debug1: Installing crc compensation attack detector.
    debug2: monitor_read: 6 used once, disabling now
    debug1: Attempting authentication for nicolays.
    Failed none for nicolays from 9.164.18.128 port 982
    Could not reverse map address 9.164.18.128.
    debug2: auth_rhosts2: clientuser nicolays hostname 9.164.18.128 ipaddr
    9.164.18.128
    debug1: temporarily_use_uid: 201/1 (e=7)
    debug1: restore_uid
    Failed rhosts for nicolays from 9.164.18.128 port 982 ruser nicolays
    debug1: rcvd SSH_CMSG_AUTH_TIS
    Failed challenge-response for nicolays from 9.164.18.128 port 982

    As you can, the client uses an privileged Port and shows up protocol 1.5.
    At the end of this output, two things are suspicious:

    1)Seems to have name-resolution problems with this IP-Adress 9.164.18.128
    (the client of course), but DNS is ok
    2)Why at the end the server tries to authenticate via the TIS-Auth??

    Further ist says "Failed rhosts for nicolays from 9.164.18.128 port 982"
    What does it exactly mean? Couldn't the server READ the rhosts, in this
    case .shosts? Or couldn't he simply not find it? Or wrong permissions ?
    (Strictmode is set to default = no)

    Any more help is very much appreciated.

    Thx in advance

    Alf Nicolaysen

    Neil Martin <Neil@Car-Part.com> on 13.02.2003 21:51:54

    To: Alf Nicolaysen/Germany/Contr/IBM@IBMDE
    cc:
    Subject: Re: OPENSSH 3.4p1-3 on AIX 4.3.3

    Alf,

    I got that working under 3.5 on Solaris using .rhosts by doing something
    like ssh -o "RhostsAuthentication yes" - o "UsePrivilegedPort yes" - o
    "Procotol 1". It should work for .shosts

    It appears that the version 2 Protocol will not allow rhosts
    authentication. In order to use the privileged port (low ports) you
    will need to set the suid bit on ssh or run ssh from the root account.
    This is very dangerous and insecure since someone would just need to
    spoof one of your clients IP's and they are in. The recommended method
    (under 2.0 of the protocol) would be to use ssh-agent to remember your
    clients pass phrases. This is less vulnerable to spoofing.

    Hope this helps.

    Neil
    Alf Nicolaysen wrote:

    >Hi all!
    >
    >I try to substitute a normal rsh/rlogin environment to a ssh-environment
    >on some AIX 4.3.3 machines. For this environment I want to establish a
    >PasswordAuthentication (with all his security risks) and, if present, a
    >secure login without password using .shosts. Here starts the problem.
    There
    >is no way, as far as I tested, to use a .shosts file. In any case this
    file
    >will be ignored, regardless of modes, ownerships or user.
    >
    >There a two ways of loging into a machine: 1) A normal ssh to a machine
    and
    >i have to give the password.
    >2) I first copy the id_rsa.pub of the user into the authorized_keys of the
    >second machine and then i can login into the machine without password.
    >
    >With RhostsAuthentication, I get the only worthful message into the debug
    >message:
    >
    >debug1: Rhosts Authentication disabled, originating port 33754 not
    trusted.
    >
    >How can the server machine trust a non-privileged port, that is choosen
    >randomly??
    >
    >What went wrong here?
    >
    >regards
    >
    >
    >
    >
    >Alf Nicolaysen
    >
    >
    >
    >



    Relevant Pages

    • Re: OPENSSH 3.4p1-3 on AIX 4.3.3
      ... Teh debug output from the server is exactly the same, ... >another port. ... >reverse dns setup properly for that client? ... >debug1: Server will not fork when running in debugging mode. ...
      (SSH)
    • Re: OPENSSH 3.4p1-3 on AIX 4.3.3
      ... Teh debug output from the server is exactly the same, ... another port. ... reverse dns setup properly for that client? ... debug1: Server will not fork when running in debugging mode. ...
      (SSH)
    • Re: Server refusing connection.
      ... the command line through my PuTTY client, but I cannot load the URLs ... I need some assistance to figure out why my ssh server is refusing my ... debug1: read PEM private key done: type RSA ... Server listening on 0.0.0.0 port 22. ...
      (comp.security.ssh)
    • Non root scp problem
      ... This is a production web server and the webmaster uses a non-root account to copy files constantly. ... debug1: Connecting to ares port 22. ... invalid collation element ...
      (SSH)
    • Re: SSH cant connect
      ... I can ssh to any of my laptops on my local lan but not across the internet. ... Starting sshd: debug1: sshd version OpenSSH_5.4p1 ... Server listening on 0.0.0.0 port 22. ...
      (Fedora)