Re: Rhosts authentication with openssh 3.7

From: Darren Tucker (dtucker_at_dodgy.net.au)
Date: 11/25/03

• Next message: sam: "Single Sign On with ssh logon"
• Previous message: Joachim Ring: "Re: Need information on C3 Security for hpux."
• In reply to: ludovic LECLERC: "Re: Rhosts authentication with openssh 3.7"
• Next in thread: ludovic LECLERC: "Re: Rhosts authentication with openssh 3.7"
• Reply: ludovic LECLERC: "Re: Rhosts authentication with openssh 3.7"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 25 Nov 2003 00:38:35 GMT

In article <773f08cd.0311240733.20dc976d@posting.google.com>,
ludovic LECLERC <ludovic.leclerc@col.bsf.alcatel.fr> wrote:
>I know that rhosts based authentication is HEAVILY unsecured but in my
>special case, it would help. I don't like the idea of having a feature
>in a software that disappears one day in a release just because
>someone said "what that f... option ?!? still exists ?... ok let's
>blast it !".

>Someone know if there is a patch to restore this option ? (no it's not
>a joke...).

http://www.zip.com.au/~dtucker/openssh/openssh-rhosts.patch

Someone else asked for this earlier so I pulled the patchset that removed
it from CVS and put it up. I'll give you the same advice I gave them:
feed it to "patch -R -p0" then you're on your own. I don't know if it
will apply cleanly to 3.7.1p2 (there will certainly be rejects on the
$OpenBSD CVS tags but you can ignore those).

I don't know if they ended up using it; RhostsRSA was suitable for their
environment and I suggested they use that instead.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

• Next message: sam: "Single Sign On with ssh logon"
• Previous message: Joachim Ring: "Re: Need information on C3 Security for hpux."
• In reply to: ludovic LECLERC: "Re: Rhosts authentication with openssh 3.7"
• Next in thread: ludovic LECLERC: "Re: Rhosts authentication with openssh 3.7"
• Reply: ludovic LECLERC: "Re: Rhosts authentication with openssh 3.7"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Rhosts authentication with openssh 3.7 ... Best regards, ... >>I know that rhosts based authentication is HEAVILY unsecured but in my ... > $OpenBSD CVS tags but you can ignore those). ... (comp.security.ssh) Re: How do I change the number of logon opportunities from 3 to 1 ... > sshd is my only method of logging into my system. ... change it at compile time by editing auth.h and changing AUTH_FAIL_MAX ... authentication count too, so if you change that to 1 then many clients ... Good judgement comes with experience. ... (SSH) Re: enable RhostAuthentication ... root user login without keyboard inteaction - OpenSSH_3.4p1 Debia ... >But it does not work and I get in the debug log that "Rhosts ... UsePrivilegedPort is set to yes in ssh_config ... Good judgement comes with experience. ... (comp.security.ssh) Re: configure password prompt in SSH ... OpenBSD machine is using "password" authentication, ... the prompt is supplied by the server (via ... > I have searched the openssh web, read the man pages of ssh_config and ... Good judgement comes with experience. ... (SSH) Re: Does Public Key Authentication offer additional security over SSH/SFTP ... Does setting this up provide an extra layer of security ... in that the private key is much harder for an attacker to guess ... authentication where the client proves to the server that it has access ... Good judgement comes with experience. ... (comp.security.ssh)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint