Re: Rhosts authentication with openssh 3.7

From: Nico Kadel-Garcia (nkadel_at_comcast.net)
Date: 11/23/03

• Next message: Nico Kadel-Garcia: "Re: X11 forwarding in OpenSSH question"
• Previous message: Nico Kadel-Garcia: "Re: Chroot Environment crazy"
• In reply to: Neil W Rickert: "Re: Rhosts authentication with openssh 3.7"
• Next in thread: ludovic LECLERC: "Re: Rhosts authentication with openssh 3.7"
• Reply: ludovic LECLERC: "Re: Rhosts authentication with openssh 3.7"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sun, 23 Nov 2003 11:13:39 -0500

"Neil W Rickert" <rickert+nn@cs.niu.edu> wrote in message
news:bpmaop$lbm$1@husk.cso.niu.edu...
> ludovic.leclerc@col.bsf.alcatel.fr (ludovic LECLERC) writes:
>
> >> Either:
>
> >> Make "ssh" setuid
>
> >> chown ssh root
> >> chmod u+s ssh
>
> >> or:
>
> >> set EnableSSHKeysign to "yes" in your ssh_config
> >> file. (And make sure that ssh-keysign is setuid).
>
> >Is there still a way with openssh 3.7 to have an authentication only
> >based on .rhosts file (without RSA, DSA keys or stuff like that) ?...
>
> I haven't tried it. This was only ever possible with protocol 1.
>
> Why would you want to allow something that insecure? Best is to
> use ".shosts", and not ".rhosts"
>
> The host based authentication that does work uses ".rhosts" or
> ".shosts", and uses the host keys. You need not generate any
> personal keys.

As I remember, you also have to list the SSH client's hostkeys in a
"known_hostkeys" file, either the user's or the server system's. But it's
been a while since I last tried this....

• Next message: Nico Kadel-Garcia: "Re: X11 forwarding in OpenSSH question"
• Previous message: Nico Kadel-Garcia: "Re: Chroot Environment crazy"
• In reply to: Neil W Rickert: "Re: Rhosts authentication with openssh 3.7"
• Next in thread: ludovic LECLERC: "Re: Rhosts authentication with openssh 3.7"
• Reply: ludovic LECLERC: "Re: Rhosts authentication with openssh 3.7"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Port Assignment- OT in a Small Way ... 5:RJE - Remote Job Entry ... 18:MSP - Message Send Protocol ... server, Traitor 21, WebEx, WinCrash, NerTe, ... 22:SSH - SSH Remote Login Protocol, RAT: Shaft ... (comp.security.misc) Port Assignment- OT in a Small Way ... 5:RJE - Remote Job Entry ... 18:MSP - Message Send Protocol ... server, Traitor 21, WebEx, WinCrash, NerTe, ... 22:SSH - SSH Remote Login Protocol, RAT: Shaft ... (comp.security.firewalls) Port Assignment- OT in a Small Way ... 5:RJE - Remote Job Entry ... 18:MSP - Message Send Protocol ... server, Traitor 21, WebEx, WinCrash, NerTe, ... 22:SSH - SSH Remote Login Protocol, RAT: Shaft ... (alt.computer.security) PORT NUMBER AND SERVICES ... 5:RJE - Remote Job Entry ... 18:MSP - Message Send Protocol ... server, Traitor 21, WebEx, WinCrash, NerTe, ... 22:SSH - SSH Remote Login Protocol, RAT: Shaft ... (comp.security.firewalls) Re: client -server interaction over XML supporting multiple protocols ... > NETBEUI to access the server to access the functionalities exposed. ... > server doesnot know in advance which client is using what protocol. ... size of the XML and Xfunctionality will determine the demands ... (comp.lang.cpp)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint