RhostsAuthentication + nondefault port doesn't work?

Pekka Savola pekkas at netcore.fi
Wed Nov 1 04:33:32 EST 2000 

On Tue, 31 Oct 2000, Markus Friedl wrote:

> i have not looked into this.
> perhaps a bug, perhaps a feature inherited from ssh-1.2.12.
> 
> On Tue, Oct 31, 2000 at 03:27:39PM +0200, Pekka Savola wrote:
> > On Tue, 31 Oct 2000, Markus Friedl wrote:
> > 
> > > try a serverport below 1024.
> > > does this work?
> > 
> > Yes.
> > 
> > I'm not sure if this is an (old?) intentional "security measure".  Even if
> > some evil user ran sshd on some non-privileged port, the authentication
> > would have to happen with root privileges anyway.. 

Yes.  This is an obsolete check from ssh-1.2.12.  It only proves the
server was started as root, but root can have servers running on other
ports too (e.g. 2022 for debugging :).  Anyway, there are other
authorization methods which deal with this.

Also, it seems this check has been removed in newer "commercial" ssh
versions too.

The patch attached will fix the problem, and also make sshd a little more
informative about what it's doing.  What are those verbose levels for
anyway if they're not used ;-)

-- 
Pekka Savola                 "Tell me of difficulties surmounted, 
Pekka.Savola at netcore.fi      not those you stumble over and fall"
-------------- next part --------------
--- sshconnect.c.orig	Sat Sep 23 09:15:57 2000
+++ sshconnect.c	Tue Oct 31 18:33:16 2000
@@ -249,9 +249,9 @@
 			/* Create a socket for connecting. */
 			sock = ssh_create_socket(original_real_uid,
 #ifdef HAVE_CYGWIN
-			    !anonymous && port < IPPORT_RESERVED,
+			    !anonymous,
 #else
-			    !anonymous && geteuid() == 0 && port < IPPORT_RESERVED,
+			    !anonymous && geteuid() == 0,
 #endif
 			    ai->ai_family);
 			if (sock < 0)
--- sshd.c.orig	Sat Oct 14 08:23:13 2000
+++ sshd.c	Tue Oct 31 18:57:21 2000
@@ -1065,6 +1065,7 @@
 	 */
 	if (remote_port >= IPPORT_RESERVED ||
 	    remote_port < IPPORT_RESERVED / 2) {
+		debug("Rhosts Authentication methods disabled, originating port not trusted.");
 		options.rhosts_authentication = 0;
 		options.rhosts_rsa_authentication = 0;
 	}
--- ssh.c.orig	Sat Oct 28 06:19:58 2000
+++ ssh.c	Tue Oct 31 19:17:31 2000
@@ -590,6 +590,7 @@
 #else
 	if (original_effective_uid != 0 || !options.use_privileged_port) {
 #endif
+		debug("Rhosts Authentication methods disabled, originating port will not be trusted.");
 		options.rhosts_authentication = 0;
 		options.rhosts_rsa_authentication = 0;
 	}

More information about the openssh-unix-dev mailing list