Has ANYONE been able to verify that Rhosts authentication works with
3.4.p1? Does it work with other SSHv2 implementations? Anybody tried
it on a RedHat 7.3 system?
Also, I'm curious about this code I found in sshd.c:
/*
* Check that the connection comes from a privileged port.
* Rhosts-Authentication only makes sense from priviledged
* programs. Of course, if the intruder has root access on his
* local machine, he can connect from any port. So do not use these
* authentication methods from machines that you do not trust.
*/
if (options.rhosts_authentication &&
(remote_port >= IPPORT_RESERVED ||
remote_port < IPPORT_RESERVED / 2)) {
debug("Rhosts Authentication disabled, "
"originating port %d not trusted.", remote_port);
options.rhosts_authentication = 0;
}
It looks to me like this overrides the config file without offering any
way to override this policy. Also, I think this would cause
compatability problems with the non-commercial F-Secure SSH-2.4.x client
as it does not use privileged ports for root client connections.
As a general rule I like to see security and authentication policy
determined by config file and not by hard-coding it into the source.
This code doesn't follow that paradigm.
-Randy
Randy Zagar wrote:> > Has ANYONE been able to verify that Rhosts authentication works with > 3.4.p1? Does it work with other SSHv2 implementations? Anybody tried > it on a RedHat 7.3 system?Don't use rhosts authentication, use hostbased instead.> Also, I'm curious about this code I found in sshd.c: > > > /* > * Check that the connection comes from a privileged port. > * Rhosts-Authentication only makes sense from priviledged > * programs. Of course, if the intruder has root access on his > * local machine, he can connect from any port. So do not use these > * authentication methods from machines that you do not trust. > */ > if (options.rhosts_authentication && > (remote_port >= IPPORT_RESERVED || > remote_port < IPPORT_RESERVED / 2)) { > debug("Rhosts Authentication disabled, " > "originating port %d not trusted.", remote_port); > options.rhosts_authentication = 0; > } > > It looks to me like this overrides the config file without offering any > way to override this policy. Also, I think this would cause > compatability problems with the non-commercial F-Secure SSH-2.4.x client > as it does not use privileged ports for root client connections.>> As a general rule I like to see security and authentication policy > determined by config file and not by hard-coding it into the source. > This code doesn't follow that paradigmYou clearly don't understand rhosts "authentication". -d
On Wed, Oct 30, 2002 at 03:37:12PM -0600, Randy Zagar wrote:> if (options.rhosts_authentication && > (remote_port >= IPPORT_RESERVED || > remote_port < IPPORT_RESERVED / 2)) { > debug("Rhosts Authentication disabled, " > "originating port %d not trusted.", remote_port); > options.rhosts_authentication = 0; > }well sshd should not set options.rhosts_authentication to 0, but sshd should make sure rhosts_authentication fails, so setting options.rhosts_authentication = 0 works just fine.