search for: rhostsauthentication

Hello all, It seems that RhostsAuthentication does not work on non-default port no matter what when connecting from OpenSSH (2.1.1, 2.2.0 tried) either with protocol 1 or protocol 2 (shouldn't work either..). _However_ when connecting with SSH.COM Ltd's ssh, RhostsAuthentication works just fine! Checking the port number of ssh client...

http://bugzilla.mindrot.org/show_bug.cgi?id=516 markus at openbsd.org changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|RhostsAuthentication failing|RhostsAuthentication failing |under AIX 4.3.3 |with privsep ------- Additional Comments From markus at openbsd.org 2003-03-24 23:13 ------- ok, there is no privsep code for rhosts authentication. should it be added? rhosts is insecure and there are altern...

...onfig from the server... Compared to the same part of the sshd_config on our server: > Protocol 1 No such entry in my sshd_config on server, does it matter for this case ? > RSAAuthentication no "yes" on our server > PasswordAuthentication no "yes" on our server > RhostsAuthentication yes "no" on our server > IgnoreRhosts no Same here, i.e. "no", just to read .shosts (comment in the sshd_config example) > I have "client" listed in the /etc/hosts.equiv file and... > (for testing purposes.) "rlogin server" from the client works f...

Hi, is anybody out there still using RhostsAuthentication? Can we please remove it? I just stumbled over a few sshd_config's set up by colleagues who didn't bother to understand what they are doing, and since .shosts didn't work anymore after upgrading to OpenSSH 3, they just enabled RhostsAuth and voila, back to "working"... Yes,...

...red I'ld first get rhosts authentication working and then move to rhosts/RSA authentication (if that doesn't require passphrase.) first things first... rhosts authentication... Here's the sshd_config from the server... Protocol 1 RSAAuthentication no PasswordAuthentication no RhostsAuthentication yes IgnoreRhosts no I have "client" listed in the /etc/hosts.equiv file and... (for testing purposes.) "rlogin server" from the client works fine, login is granted without a password. So I know rhosts authentication is configured correctly for at least rsh. However here'...

http://bugzilla.mindrot.org/show_bug.cgi?id=516 Summary: RhostsAuthentication failing under AIX 4.3.3 Product: Portable OpenSSH Version: 3.5p1 Platform: PPC OS/Version: AIX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org Repor...

Hi, there is a tiny bug in readconf.c: options->use_privileged_port is always set to 0 regardless of whether -P is specified or not. This has the effect that RhostsAuthentication is disabled even if "RhostsAuthentication yes" is specified. The (trivial) patch is appended below. Martin ======================================================================== Martin Siegert Academic Computing Services phone: (604) 291-4691 Simon Fraser Unive...

I found this problem when working with the Suse9.1 distribution, but have since reproduced it with a vanilla build of Openssh (openssh-3.9p1.tar.gz). Basically I cannot get a command like this: XXXX>ssh -vvv -1 -o "RhostsAuthentication yes" AAAA to work. Yes the appropriate settings are in the servers sshd_config file. Hostbased protocol 1 ssh using rhosts between computers is something we normally do as we have some Dec Alphas, otherwise we would only be using protocol 2 which is fine for hostbased authent using rhosts....

...its 768 # Logging SyslogFacility AUTH LogLevel INFO #obsoletes QuietMode and FascistLogging # Authentication: LoginGraceTime 600 PermitRootLogin yes StrictModes no RSAAuthentication no PubkeyAuthentication no AuthorizedKeysFile %h/.ssh/authorized_keys # rhosts authentication should not be used RhostsAuthentication no # Don't read the user's ~/.rhosts and ~/.shosts files IgnoreRhosts no # For this to work you will also need host keys in /etc/ssh_known_hosts RhostsRSAAuthentication no # similar for protocol version 2 HostbasedAuthentication yes # Uncomment if you don't trust ~/.ssh/known_hosts for...

...then echo echo "There are still ssh processes running. Please shut them down first." echo - exit 1 + #exit 1 fi # Check for ${SYSCONFDIR} directory @@ -234,9 +234,9 @@ then # Site-wide defaults for various options # Host * -# ForwardAgent yes -# ForwardX11 yes -# RhostsAuthentication yes +# ForwardAgent no +# ForwardX11 no +# RhostsAuthentication no # RhostsRSAAuthentication yes # RSAAuthentication yes # PasswordAuthentication yes @@ -244,22 +244,14 @@ then # UseRsh no # BatchMode no # CheckHostIP yes -# StrictHostKeyChecking no +# StrictHostKeyCheck...

Okay, we think we've resolved them all now *wipe brow* There were two outstanding problems... Problem 1: The config file has two directives in it: IgnoreRhosts RhostsAuthentication Without realizing it, even though I had IgnoreRhosts set to 'no', RhostsAuthentication was set to 'no' also, so it didn't matter ... This appears to fix the authentication issue of last week :( Problem 2: A regular user can't ssh to another users account on a remote s...

...RedHat Linux 7.1) to OpenSSH 3.4p1, connections using RhostsRSAAuthentication seem to be impossible. ssh does not even try this mode of authentication, even when it is the only one enabled in the configuration file. This is my ssh_config: Host * ForwardX11 yes Protocol 1,2 RhostsAuthentication no RhostsRSAAuthentication yes HostbasedAuthentication yes RSAAuthentication no PasswordAuthentication no And this is my sshd_config: IgnoreUserKnownHosts yes X11Forwarding yes RhostsAuthentication no RhostsRSAAuthentication yes HostbasedAuthentication no RSAAuthen...

...ntrib/cygwin/ssh-host-config,v retrieving revision 1.10 diff -p -u -r1.10 ssh-host-config --- contrib/cygwin/ssh-host-config 9 Nov 2002 15:59:29 -0000 1.10 +++ contrib/cygwin/ssh-host-config 16 Sep 2003 22:34:43 -0000 @@ -279,12 +279,14 @@ then # Host * # ForwardAgent no # ForwardX11 no -# RhostsAuthentication no # RhostsRSAAuthentication no # RSAAuthentication yes # PasswordAuthentication yes +# HostbasedAuthentication no # BatchMode no # CheckHostIP yes +# AddressFamily any +# ConnectTimeout 0 # StrictHostKeyChecking ask # IdentityFile ~/.ssh/identity # IdentityFile ~/.ssh...

...Nov 14 07:54:28 2000 @@ -538,6 +538,10 @@ additional forwardings can be given on the command line. Only the superuser can forward privileged ports. + RetryDelay + Specifies the number of seconds to delay between each connection + attempt. + RhostsAuthentication Specifies whether to try rhosts based authentication. Note that this declaration only affects the client side and has no effect diff -u --recursive openssh-2.3.0p1/ssh.1 openssh-2.3.0p1-new/ssh.1 --- openssh-2.3.0p1/ssh.1 Fri Oct 27 23:19:58 2000 +++ openssh-2.3.0p1-new...

...+ openssh-2.1.1p2/scp.1 Fri Jul 7 12:25:32 2000 @@ -106,6 +106,14 @@ Forces .Nm to use IPv6 addresses only. +.It Fl L +Use a non-privileged port for outgoing connections. +This can be used if your firewall does +not permit connections from privileged ports. +Note that this option turns off +.Cm RhostsAuthentication +and +.Cm RhostsRSAAuthentication . .Sh AUTHORS Timo Rinne <tri at iki.fi> and Tatu Ylonen <ylo at cs.hut.fi> .Sh HISTORY --- openssh-2.1.1p2.orig/scp.0 Sat Jul 1 04:43:10 2000 +++ openssh-2.1.1p2/scp.0 Fri Jul 7 12:27:42 2000 @@ -56,6 +56,11 @@ -6 Forces scp to use IP...

...ges and is not recommended. Other Changes: ============== - documentation for the client and server configuration options have been moved to ssh_config(5) and sshd_config(5). - the server now supports the Compression option, see sshd_config(5). - the client options RhostsRSAAuthentication and RhostsAuthentication now default to no, see ssh_config(5). - the client options FallBackToRsh and UseRsh are deprecated. - ssh-agent now supports locking and timeouts for keys, see ssh-add(1). - ssh-agent can now bind to unix-domain sockets given on the command line, see ssh-agent(1). - fixes problems with valid RS...

I've installed OpenSSH 2.9p1 on Solaris 2.7 and I am trying to get rhost authentication working. Something appears to be wrong with the client side as I can do rhost auth with a ssh1.2.27 client. Any help would be appreciated. /opt/openssh-2.9p1/etc/ssh_config is: ForwardX11 yes RhostsAuthentication yes /opt/openssh-2.9p1/etc/sshd_config is: Port 22 IgnoreRhosts no StrictModes yes X11Forwarding yes X11DisplayOffset 10 KeepAlive yes SyslogFacility AUTH LogLevel INFO RhostsAuthentication yes RhostsRSAAuthentication no HostbasedAuthentication yes RSAAuthentication yes PasswordAuthentication yes...

...3. system-wide file # Any configuration value is only changed the first time it is set. # Thus, host-specific definitions should be at the beginning of the # configuration file, and defaults at the end. # Site-wide defaults for various options # Host * # ForwardAgent yes # ForwardX11 yes # RhostsAuthentication yes # RhostsRSAAuthentication yes # RSAAuthentication yes # PasswordAuthentication yes # FallBackToRsh yes # UseRsh no # BatchMode no # CheckHostIP yes # StrictHostKeyChecking no # IdentityFile ~/.ssh/identity # Port 22 # Protocol 2,1 # Cipher 3des # EscapeChar ~ # Be par...

...for more information. This file provides defaults for +# users, and the values can be changed in per-user configuration files +# or on the command line. # Configuration data is parsed as follows: # 1. command line options @@ -237,20 +279,19 @@ then # ForwardAgent no # ForwardX11 no # RhostsAuthentication no -# RhostsRSAAuthentication yes +# RhostsRSAAuthentication no # RSAAuthentication yes # PasswordAuthentication yes -# FallBackToRsh no -# UseRsh no # BatchMode no # CheckHostIP yes -# StrictHostKeyChecking yes +# StrictHostKeyChecking ask # IdentityFile ~/.ssh/identity...

...s files IgnoreRhosts yes # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication #IgnoreUserKnownHosts yes StrictModes yes X11Forwarding no X11DisplayOffset 10 PrintMotd yes KeepAlive yes # Logging SyslogFacility AUTH LogLevel INFO #obsoletes QuietMode and FascistLogging RhostsAuthentication no # # For this to work you will also need host keys in /etc/ssh_known_hosts RhostsRSAAuthentication no # RSAAuthentication yes # To disable tunneled clear text passwords, change to no here! PasswordAuthentication yes PermitEmptyPasswords no # Uncomment to disable s/key passwords #SkeyAuthenticat...