[Bug 3148] Unable to perform host-based authentication as root if "IgnoreRhosts" is set to "yes" on server configuration

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Apr 14 22:29:41 AEST 2020


https://bugzilla.mindrot.org/show_bug.cgi?id=3148

--- Comment #7 from Anderson Medeiros Gomes <amg1127 at gmail.com> ---
Ok. The proposed solution sounds good to me. Thanks, Damien.

Although sole host-based authentication for superuser is a bad security
practice, I think that OpenSSH should be sufficiently flexible to allow
such configuration and fit specific needs. I know that my request
sounds weird.

Please, could the documentation be patched to in order to clarify that
refusing host-based root login is intentional? I propose something like
this:

-------------------------------------------
----------- man(5) sshd_config ------------

HostbasedAuthentication

Specifies whether rhosts or /etc/hosts.equiv authentication together
with successful public key client host authentication is allowed
(host-based authentication).  /etc/hosts.equiv is always ignored for
host-based superuser authentication. The default is no.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list