search for: rhostsrsaauthentication

http://bugzilla.mindrot.org/show_bug.cgi?id=342 Summary: RhostsRSAAuthentication does not work with 3.4p1 Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: openssh-unix-dev at mindrot.org...

...------------------------- Status|NEW |RESOLVED Resolution| |INVALID ------- Additional Comments From stevesk at pobox.com 2002-07-18 14:33 ------- ssh is by default not set-uid root. re-open if this is the the cause. RhostsRSAAuthentication Specifies whether to try rhosts based authentication with RSA host authentication. The argument must be ``yes'' or ``no''. The default is ``no''. This option applies to protocol version 1 only and requires ssh to be setuid...

..in the ssh client, that is. Couldn't spot this in the web archive and am not subscribed--please cc me any replies

http://bugzilla.mindrot.org/show_bug.cgi?id=342 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution| |FIXED ------- Additional Comments From djm at mindrot.org 2003-05-14 22:57

...ication no PubkeyAuthentication no AuthorizedKeysFile %h/.ssh/authorized_keys # rhosts authentication should not be used RhostsAuthentication no # Don't read the user's ~/.rhosts and ~/.shosts files IgnoreRhosts no # For this to work you will also need host keys in /etc/ssh_known_hosts RhostsRSAAuthentication no # similar for protocol version 2 HostbasedAuthentication yes # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication IgnoreUserKnownHosts no # To disable tunneled clear text passwords, change to no here! PasswordAuthentication yes PermitEmptyPasswords no ****ssh_config...

...t; echo - exit 1 + #exit 1 fi # Check for ${SYSCONFDIR} directory @@ -234,9 +234,9 @@ then # Site-wide defaults for various options # Host * -# ForwardAgent yes -# ForwardX11 yes -# RhostsAuthentication yes +# ForwardAgent no +# ForwardX11 no +# RhostsAuthentication no # RhostsRSAAuthentication yes # RSAAuthentication yes # PasswordAuthentication yes @@ -244,22 +244,14 @@ then # UseRsh no # BatchMode no # CheckHostIP yes -# StrictHostKeyChecking no +# StrictHostKeyChecking yes +# IdentityFile ~/.ssh/identity +# IdentityFile ~/.ssh/id_dsa +# IdentityFile ~/.ssh/id_...

...am_limits.so The contents of sshd_config are: Port 22 Protocol 2,1 HostKey /usr/local/etc/ssh/ssh_host_key HostKey /usr/local/etc/ssh/ssh_host_rsa_key HostKey /usr/local/etc/ssh/ssh_host_dsa_key ServerKeyBits 768 LoginGraceTime 600 KeyRegenerationInterval 3600 PermitRootLogin no IgnoreRhosts yes RhostsRSAAuthentication StrictModes yes X11Forwarding no X11DisplayOffset 10 PrintMotd yes KeepAlive yes PrintLastLog no SyslogFacility AUTH LogLevel INFO RhostsRSAAuthentication no HostbasedAuthentication no RSAAuthentication yes PasswordAuthentication yes PermitEmptyPasswords no UsePAM yes #ChallengeResponseAuthenticati...

...t_key RandomSeed /etc/ssh_random_seed ServerKeyBits 768 LoginGraceTime 600 KeyRegenerationInterval 7200 PermitRootLogin yes IgnoreRhosts no StrictModes yes QuietMode no X11Forwarding yes X11DisplayOffset 10 FascistLogging no PrintMotd yes KeepAlive yes SyslogFacility DAEMON RhostsAuthentication yes RhostsRSAAuthentication yes RSAAuthentication no PasswordAuthentication yes PermitEmptyPasswords no UseLogin no " The rest of the detail is in the attached text file. I hope that is enough info. regards, Mike Rose -------------- next part -------------- . How to reproduce: XXXXX:~> ssh -vvv -1 -o "Rhost...

...ile provides defaults for +# users, and the values can be changed in per-user configuration files +# or on the command line. # Configuration data is parsed as follows: # 1. command line options @@ -237,20 +279,19 @@ then # ForwardAgent no # ForwardX11 no # RhostsAuthentication no -# RhostsRSAAuthentication yes +# RhostsRSAAuthentication no # RSAAuthentication yes # PasswordAuthentication yes -# FallBackToRsh no -# UseRsh no # BatchMode no # CheckHostIP yes -# StrictHostKeyChecking yes +# StrictHostKeyChecking ask # IdentityFile ~/.ssh/identity # IdentityFile ~/.ssh/id_dsa...

...v retrieving revision 1.10 diff -p -u -r1.10 ssh-host-config --- contrib/cygwin/ssh-host-config 9 Nov 2002 15:59:29 -0000 1.10 +++ contrib/cygwin/ssh-host-config 16 Sep 2003 22:34:43 -0000 @@ -279,12 +279,14 @@ then # Host * # ForwardAgent no # ForwardX11 no -# RhostsAuthentication no # RhostsRSAAuthentication no # RSAAuthentication yes # PasswordAuthentication yes +# HostbasedAuthentication no # BatchMode no # CheckHostIP yes +# AddressFamily any +# ConnectTimeout 0 # StrictHostKeyChecking ask # IdentityFile ~/.ssh/identity # IdentityFile ~/.ssh/id_dsa @@ -397,7 +399,7 @@ Port...

.... Port 22 ListenAddress 0.0.0.0 #ListenAddress :: HostKey /usr/local/etc/ssh_host_key ServerKeyBits 768 LoginGraceTime 600 KeyRegenerationInterval 3600 PermitRootLogin yes # # Don't read ~/.rhosts and ~/.shosts files IgnoreRhosts yes # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication #IgnoreUserKnownHosts yes StrictModes yes X11Forwarding no X11DisplayOffset 10 PrintMotd yes KeepAlive yes # Logging SyslogFacility AUTH LogLevel INFO #obsoletes QuietMode and FascistLogging RhostsAuthentication no # # For this to work you will also need host keys in /etc/ssh_known_hosts RhostsRS...

.... Some specific users should be only reachable from the inside, so e.g. though something like this would do the job in sshd_config: #general config #... Match User foo LocalAddress 10.0.0.1,fe80:abba::0 PasswordAuthentication no KbdInteractiveAuthentication no RhostsRSAAuthentication no HostbasedAuthentication no KerberosAuthentication no GSSAPIAuthentication no RSAAuthentication no PubkeyAuthentication yes Match User foo LocalAddress !10.0.0.1,!fe80:abba::0 PasswordAut...

...yes PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys # rhosts authentication should not be used #RhostsAuthentication no # Don't read the user's ~/.rhosts and ~/.shosts files IgnoreRhosts yes # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts #RhostsRSAAuthentication no # similar for protocol version 2 #HostbasedAuthentication no # Change to yes if you don't trust ~/.ssh/known_hosts for # RhostsRSAAuthentication and HostbasedAuthentication #IgnoreUserKnownHosts no # To disable tunneled clear text passwords, change to no here! PasswordAuthentication no Perm...

...cation yes #AuthorizedKeysFile %h/.ssh/authorized_keys2 # rhosts authentication should not be used #RhostsAuthentication no # Don''t read the user''s ~/.rhosts and ~/.shosts files IgnoreRhosts no # For this to work you will also need host keys in /usr/local/etc/ssh_known_hosts RhostsRSAAuthentication yes # similar for protocol version 2 HostbasedAuthentication yes # Uncomment if you don''t trust ~/.ssh/known_hosts for RhostsRSAAuthentication #IgnoreUserKnownHosts yes # To disable tunneled clear text passwords, change to no here! PasswordAuthentication yes PermitEmptyPasswords no # U...

I have a ssh enabled server and client machine (we'll call them "server" and "client" respectively...) They both have proper RSA and DSA keys,using protocol version 2 works fine between them. (so ssh itself and the network is working fine) However, I want to get something that will work with rsync without having to manually enter passwords, passphrases, or enter such

...s been replaced by PubkeyAuthentication. Fingerprinting works for all types of keys: $ ssh-keygen -l -f $HOME/.ssh/{authorized_keys,known_hosts}{,2} 5) Important changes in the implementation of SSH 1 protocol: The OpenSSH server does not require a privileged source port for RhostsRsaAuthentication, since it adds no additional security. Interoperation with SSH 1.4 protocol 6) New option HostKeyAlias This option allows the user to record the host key under a different name. This is useful for tunneling over forwarded connections or if you run multiple sshd's on diffe...

...s been replaced by PubkeyAuthentication. Fingerprinting works for all types of keys: $ ssh-keygen -l -f $HOME/.ssh/{authorized_keys,known_hosts}{,2} 5) Important changes in the implementation of SSH 1 protocol: The OpenSSH server does not require a privileged source port for RhostsRsaAuthentication, since it adds no additional security. Interoperation with SSH 1.4 protocol 6) New option HostKeyAlias This option allows the user to record the host key under a different name. This is useful for tunneling over forwarded connections or if you run multiple sshd's on diffe...

...etc/ssh/ssh_host_key HostKey /etc/ssh/ssh_host_dsa_key #HostKey /etc/ssh/ssh_host_rsa_key ServerKeyBits 768 LoginGraceTime 600 KeyRegenerationInterval 3600 PermitRootLogin yes # # Don't read ~/.rhosts and ~/.shosts files IgnoreRhosts yes # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication #IgnoreUserKnownHosts yes StrictModes yes X11Forwarding no X11DisplayOffset 10 PrintMotd yes KeepAlive yes # Logging SyslogFacility AUTH LogLevel INFO #obsoletes QuietMode and FascistLogging RhostsAuthentication no # # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts Rhos...

...acility AUTH #LogLevel INFO # Authentication: #LoginGraceTime 2m #PermitRootLogin yes #StrictModes yes #MaxAuthTries 6 #RSAAuthentication yes #PubkeyAuthentication yes #AuthorizedKeysFile .ssh/authorized_keys # For this to work you will also need host keys in /usr/local/etc/ssh_known_hosts #RhostsRSAAuthentication no # similar for protocol version 2 #HostbasedAuthentication no # Change to yes if you don't trust ~/.ssh/known_hosts for # RhostsRSAAuthentication and HostbasedAuthentication #IgnoreUserKnownHosts no # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes # To disable...

...yslogFacility AUTH #LogLevel INFO # Authentication: #LoginGraceTime 2m #PermitRootLogin yes #StrictModes yes #MaxAuthTries 6 #RSAAuthentication yes #PubkeyAuthentication yes #AuthorizedKeysFile .ssh/authorized_keys # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts #RhostsRSAAuthentication no # similar for protocol version 2 #HostbasedAuthentication no # Change to yes if you don't trust ~/.ssh/known_hosts for # RhostsRSAAuthentication and HostbasedAuthentication #IgnoreUserKnownHosts no # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes # To disable...