bugzilla-daemon at mindrot.org
2003-Mar-21 12:13 UTC
[Bug 516] RhostsAuthentication failing under AIX 4.3.3
http://bugzilla.mindrot.org/show_bug.cgi?id=516

           Summary: RhostsAuthentication failing under AIX 4.3.3
           Product: Portable OpenSSH
           Version: 3.5p1
          Platform: PPC
        OS/Version: AIX
            Status: NEW
          Severity: normal
          Priority: P2
         Component: sshd
        AssignedTo: openssh-unix-dev at mindrot.org
        ReportedBy: Alf.Nicolaysen at web.de

It seems to me that under AIX 4.3.3 ML 10 the RhostsAuthentication fails completely. The files .rhosts, .shosts or even .rhosts.equiv and .shosts.equiv are completely ignored.

With my client I ran the following command:

    /opt/bin/ssh <hostname> -o RhostsAuthentication=yes -o Protocol=1 -o UsePrivilegedPort=yes

And here is the debug output from my server:

    # /opt/sbin/sshd -f /opt/etc/sshd_config -d -d
    debug1: sshd version OpenSSH_3.5p1
    debug1: private host key: #0 type 0 RSA1
    debug1: read PEM private key done: type RSA
    debug1: private host key: #1 type 1 RSA
    debug1: read PEM private key done: type DSA
    debug1: private host key: #2 type 2 DSA
    debug1: Bind to port 22 on 0.0.0.0.
    Server listening on 0.0.0.0 port 22.
    Generating 768 bit RSA key.
    RSA key generation complete.
    debug1: Server will not fork when running in debugging mode.
    Connection from 9.164.18.22 port 943
    debug1: Client protocol version 1.5; client software version OpenSSH_3.5p1
    debug1: match: OpenSSH_3.5p1 pat OpenSSH*
    debug1: Local version string SSH-1.99-OpenSSH_3.5p1
    debug1: permanently_set_uid: 7/204
    debug1: Sent 768 bit server key and 1024 bit host key.
    debug2: Network child is on pid 16256
    debug1: Encryption type: 3des
    debug1: cipher_init: set keylen (16 -> 32)
    debug1: cipher_init: set keylen (16 -> 32)
    debug1: Received session key; encryption turned on.
    debug2: monitor_read: 28 used once, disabling now
    debug2: monitor_read: 30 used once, disabling now
    debug1: Installing crc compensation attack detector.
    debug1: Attempting authentication for root.
    debug2: monitor_read: 6 used once, disabling now
    Failed none for root from 9.164.18.22 port 943
    debug2: auth_rhosts2: clientuser root hostname 9.164.18.22 ipaddr 9.164.18.22
    debug1: temporarily_use_uid: 0/0 (e=7/204)
    debug1: restore_uid: (unprivileged)
    Failed rhosts for root from 9.164.18.22 port 943 ruser root
    Connection closed by 9.164.18.22
    debug1: Calling cleanup 0x200013b0(0x0)

The files .rhosts, .shosts and .shosts.equiv exist with 600 rights on AIX. I compiled the version myself.

regards
Alf Nicolaysen

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Mar-21 13:37 UTC
[Bug 516] RhostsAuthentication failing under AIX 4.3.3
http://bugzilla.mindrot.org/show_bug.cgi?id=516

------- Additional Comments From markus at openbsd.org 2003-03-22 00:37 -------

IgnoreRhosts
    ... The default is ``yes''.

/etc/hosts.equiv
    ... such users are permitted to log in as any user on this machine (except root).
bugzilla-daemon at mindrot.org
2003-Mar-24 05:54 UTC
[Bug 516] RhostsAuthentication failing under AIX 4.3.3
http://bugzilla.mindrot.org/show_bug.cgi?id=516

------- Additional Comments From Alf.Nicolaysen at web.de 2003-03-24 16:54 -------

Yes, I set the option "IgnoreRhosts no" in the sshd_config. I also set the option "strictModes no" to prevent a failure here. Nothing helps.

Alf
bugzilla-daemon at mindrot.org
2003-Mar-24 09:41 UTC
[Bug 516] RhostsAuthentication failing under AIX 4.3.3
http://bugzilla.mindrot.org/show_bug.cgi?id=516

dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED

------- Additional Comments From dtucker at zip.com.au 2003-03-24 20:41 -------

Seems to be a privsep thing. Try running sshd with "-o UsePrivilegeSeparation=no".

I can get rhosts authentication to work if I disable privsep. It works as a non-root user with shosts.equiv and with /.shosts as root. With privsep enabled, it fails. I will attach a debug log.

I also needed to make ssh setuid root so it could bind to a privileged port.

Also, the man page fragment that Markus quoted does not seem clear on root logins with hosts.equiv, however. With a bit more context, it says:

"/etc/hosts.equiv
This file is used during .rhosts authentication. In the simplest form, this file contains host names, one per line. Users on those hosts are permitted to log in without a password, provided they have the same user name on both machines. The host name may also be followed by a user name; such users are permitted to log in as any user on this machine (except root)."

To me, the last sentence seems to say the exception for root applies only when the optional username follows the hostname.
bugzilla-daemon at mindrot.org
2003-Mar-24 09:58 UTC
[Bug 516] RhostsAuthentication failing under AIX 4.3.3
http://bugzilla.mindrot.org/show_bug.cgi?id=516

------- Additional Comments From dtucker at zip.com.au 2003-03-24 20:58 -------

Created an attachment (id=256)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=256&action=view)
sshd & ssh debug traces for rhosts authentication
bugzilla-daemon at mindrot.org
2003-Mar-24 11:43 UTC
[Bug 516] RhostsAuthentication failing under AIX 4.3.3
http://bugzilla.mindrot.org/show_bug.cgi?id=516

dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         OS/Version|AIX                         |All
           Platform|PPC                         |All

------- Additional Comments From dtucker at zip.com.au 2003-03-24 22:43 -------

Reproduced on Redhat 8 too, this does not seem to be specific to AIX.