[Bug 3148] Unable to perform host-based authentication as root if "IgnoreRhosts" is set to "yes" on server configuration
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Tue Apr 14 22:29:41 AEST 2020
https://bugzilla.mindrot.org/show_bug.cgi?id=3148
--- Comment #7 from Anderson Medeiros Gomes <amg1127 at gmail.com> ---
Ok. The proposed solution sounds good to me. Thanks, Damien.
Although sole host-based authentication for superuser is a bad security
practice, I think that OpenSSH should be sufficiently flexible to allow
such configuration and fit specific needs. I know that my request
sounds weird.
Please, could the documentation be patched to in order to clarify that
refusing host-based root login is intentional? I propose something like
this:
-------------------------------------------
----------- man(5) sshd_config ------------
HostbasedAuthentication
Specifies whether rhosts or /etc/hosts.equiv authentication together
with successful public key client host authentication is allowed
(host-based authentication). /etc/hosts.equiv is always ignored for
host-based superuser authentication. The default is no.
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list