search for: rhosts_authentication

...* Rhosts-Authentication only makes sense from priviledged * programs. Of course, if the intruder has root access on his * local machine, he can connect from any port. So do not use these * authentication methods from machines that you do not trust. */ if (options.rhosts_authentication && (remote_port >= IPPORT_RESERVED || remote_port < IPPORT_RESERVED / 2)) { debug("Rhosts Authentication disabled, " "originating port %d not trusted.", remote_port); options.rhosts_authentication = 0;...

Okay...I've got it narrowed down, just don't know why this is happening... In sshd.c, auth_mask is set to "supported authentication methods": /* Declare supported authentication types. */ auth_mask = 0; if (options.rhosts_authentication) auth_mask |= 1 << SSH_AUTH_RHOSTS; if (options.rhosts_rsa_authentication) auth_mask |= 1 << SSH_AUTH_RHOSTS_RSA; if (options.rsa_authentication) auth_mask |= 1 << SSH_AUTH_RSA; Now, in servconf.c, options.rhosts_aut...

...13 2002 +++ openssh-3.0.2p1/readconf.c Wed Jan 23 19:44:45 2002 @@ -822,7 +822,7 @@ if (options->gateway_ports == -1) options->gateway_ports = 0; if (options->use_privileged_port == -1) - options->use_privileged_port = 0; + options->use_privileged_port = 1; if (options->rhosts_authentication == -1) options->rhosts_authentication = 1; if (options->rsa_authentication == -1)

Hello all, It seems that RhostsAuthentication does not work on non-default port no matter what when connecting from OpenSSH (2.1.1, 2.2.0 tried) either with protocol 1 or protocol 2 (shouldn't work either..). _However_ when connecting with SSH.COM Ltd's ssh, RhostsAuthentication works just fine! Checking the port number of ssh client you can see that OpenSSH doesn't assign

...ging in as root and root logins * are disallowed. diff -c openssh-2.1.1p4.orig/servconf.c openssh-2.1.1p4/servconf.c *** openssh-2.1.1p4.orig/servconf.c Sat Jul 15 05:14:17 2000 --- openssh-2.1.1p4/servconf.c Fri Aug 4 10:49:16 2000 *************** *** 52,57 **** --- 52,58 ---- options->rhosts_authentication = -1; options->rhosts_rsa_authentication = -1; options->rsa_authentication = -1; + options->rsa_host_other_authentication = -1; options->dsa_authentication = -1; #ifdef KRB4 options->kerberos_authentication = -1; *************** *** 130,135 **** --- 131,138 ---- op...

Could people please test -current? We will be making a release fairly soon. -d -- | By convention there is color, \\ Damien Miller <djm at mindrot.org> | By convention sweetness, By convention bitterness, \\ www.mindrot.org | But in reality there are atoms and space - Democritus (c. 400 BCE)

Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the

....0p3/ssh.c openssh-2.1.0p3-new/ssh.c --- openssh-2.1.0p3/ssh.c Mon May 29 20:44:54 2000 +++ openssh-2.1.0p3-new/ssh.c Mon Jun 5 19:12:59 2000 @@ -578,6 +578,7 @@ ok = ssh_connect(host, &hostaddr, options.port, options.connection_attempts, + options.connection_timeout, !options.rhosts_authentication && !options.rhosts_rsa_authentication, original_real_uid, diff -Naur openssh-2.1.0p3/ssh.h openssh-2.1.0p3-new/ssh.h --- openssh-2.1.0p3/ssh.h Wed May 17 05:34:24 2000 +++ openssh-2.1.0p3-new/ssh.h Mon Jun 5 19:13:55 2000 @@ -323,13 +323,14 @@ * is 0, the default port will be u...

...ew/ssh.c --- openssh-2.3.0p1/ssh.c Fri Oct 27 23:19:58 2000 +++ openssh-2.3.0p1-new/ssh.c Tue Nov 14 07:59:56 2000 @@ -620,7 +620,7 @@ */ ok = ssh_connect(host, &hostaddr, options.port, - options.connection_attempts, + options.connection_attempts, options.retry_delay, !options.rhosts_authentication && !options.rhosts_rsa_authentication, original_real_uid, diff -u --recursive openssh-2.3.0p1/ssh.h openssh-2.3.0p1-new/ssh.h --- openssh-2.3.0p1/ssh.h Sat Oct 14 01:23:12 2000 +++ openssh-2.3.0p1-new/ssh.h Tue Nov 14 07:51:15 2000 @@ -321,11 +321,12 @@ * privileges if anonymous...