search for: rhostsrsa

...ve been having a very weird problem with the IRIX version of portable openssh that I think may be a bug in this platform... I've looked through the FAQs and the man pages and can't find why this might not be working. The ssh binary is setuid-root, both ssh and sshd are told that Rhosts and RhostsRSA auth is OK in their config files, etc. I don't want to post my config files and verbose session transcripts right off, because I might be missing something obvious and don't want to clog your mailboxes :) Please let me know what parts of those files will be useful for diagnosing this and I...

...however OpenBSD has not shipped it in that configuration since 2002 (and I suspect these days no vendor does). As far as I can tell, all of the reasons for this no longer apply: - setuid root was needed to bind to a privileged (low numbered) ports. - privileged ports were needed for rhosts and rhostsrsa authentication. rhosts is long dead, and rhostsrsa went with the last of Protocol 1. - root privileges were needed to read the host keys for Protocol 2 hostbased authentication, but that need was replaced by the ssh-keysign setuid helper program, also in 2002. So, does anyone use these and if so...

...encouragement. Important Changes: ================== WARNING: SSH protocol v2 is now the default protocol version use the 'Protocol' option from ssh(1) and sshd(8) if you want to change this. SSH protocol v2 implementation adds support for: HostbasedAuthentication, similar to RhostsRSA in SSH protocol v1 Rekeying (negotiate new encryption keys for the current SSH session, try ~R in interactive SSH sessions) updated DH group exchange: draft-ietf-secsh-dh-group-exchange-01.txt client option HostKeyAlgorithms server option...

...encouragement. Important Changes: ================== WARNING: SSH protocol v2 is now the default protocol version use the 'Protocol' option from ssh(1) and sshd(8) if you want to change this. SSH protocol v2 implementation adds support for: HostbasedAuthentication, similar to RhostsRSA in SSH protocol v1 Rekeying (negotiate new encryption keys for the current SSH session, try ~R in interactive SSH sessions) updated DH group exchange: draft-ietf-secsh-dh-group-exchange-01.txt client option HostKeyAlgorithms server option...

http://bugzilla.mindrot.org/show_bug.cgi?id=747 Summary: host authentication requires RSA1 keys Product: Portable OpenSSH Version: 3.7.1p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Documentation AssignedTo: openssh-bugs at mindrot.org ReportedBy:

http://bugzilla.mindrot.org/show_bug.cgi?id=454 ------- Additional Comments From markus at openbsd.org 2002-12-10 20:14 ------- hm, i think about adding ManglePort=yes to the options. This option will create Hostkeyaliases on the fly if the port is != 22, and use 'foor.bar.com at portXXX' as an alias. ------- You are receiving this mail because: ------- You are the assignee for

...-swapping), because the same binary works on another 2.2.16 machine. It's not a Slackware problem, since two of the problematic servers are Debian binaries on Debian servers. In fact I have run out of ideas, which is why I'm turning to you clever folks. The workaround is to use Rhosts or RhostsRSA authentication so that I don't have to enter my password. But that's a bit nasty and I'd rather get this figured out for good. Clients: ======== Kernel 2.2.16, Slackware. SSH Version OpenSSH-1.2.3, protocol version 1.5. Compiled with SSL. ...and: SSH Version OpenSSH_2.1.1, protoc...

Hi. I have a client machine using ssh as root via key authorization to a server. The client uses rsync to send backup data to the server. I use ForceCommand to allow only this activity when using key authorization. But I also want to be able to ssh as root with a required password to do whatever I like. So I thought that in addition to root, I'd make a rootback account:

I'd like to see a feature of the commercial ssh in openssh: AllowHosts xxx.yyy.xxx.yyy *.domain.net DenyHosts xxx.yyy.xxx.* name.domain.net This allows or denies connects from certain machines (including wildcard matching). Is there any chance for this feature to be included? No, we don't want to use tcp-wrapper for this. Bye.