Call for testing for coming 2.9 release.

Markus Friedl markus.friedl at informatik.uni-erlangen.de
Wed Apr 25 07:56:44 EST 2001


On Tue, Apr 24, 2001 at 10:09:58PM +0300, Pekka Savola wrote:
> On Tue, 24 Apr 2001 mouring at etoh.eviladmin.org wrote:
> > If we can get people to test their platforms against the last snapshot/cvs
> > tree I'd be grateful. (http://www.openssh.com/portable.html)
> 
> [ IMO, lots of this is also worth a read for Markus and the rest of the
> original OpenSSH folks ]
> 
> Tested on RHL62 and RHL71, built an RPM of the snapshot.
> 
> There is zero man page documentation for HostbasedAuthentication, either
> in ssh.1 or sshd.8.  This has to be fixed.  Some experimental features
> like HostbasedUsesNameFromPacketOnly might be left out, but the main
> procedure and the files involved should be added.

this has been fixed.

> HostbasedAuthentication does not seem to consider files like shosts.equiv,
> just ~/.shosts.  This is a serious shortcoming in campus-like computing
> environments, where traditionally hosts.equiv etc. are used.  The new
> functionality could be easily added, just a few extra checks, I think.

well, HostbasedAuthentication uses the same routine as
RhostsRSAAuthentication for .shosts and friends, so i
don't understand this problem

> hostbased auth in ssh client is tried after password.  Should this be
> reversed (at least when this is more tested)?

you can use PreferredAuthentications to change this order.

Currently hostbased is not really tested.

> You can also gather data from the server configuration, like:
> ---
> [...]
> debug1: next auth method to try is hostbased
> debug1: sig size 20 20
> debug1: Remote: Server has been configured to ignore .shosts.
> debug1: authentications that can continue: publickey,password,hostbased
> debug1: Remote: Server has been configured to ignore .shosts.

this is the same for RhostsRSAAuthentication.

i think i'll add a switch to disable debug messages before
authentication unless debugging is enabled in the server.

-m
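
The pre-authentication "Remote:" messages and the method ordering discussed in this message can be audited from a client debug log. The following is an added example, not part of the original message or of OpenSSH: the sample log is constructed from the lines quoted above, and the "Authentication succeeded" marker and the function name `audit_preauth` are assumptions for illustration.

```python
import re

# Constructed client debug log: the "Remote:" lines mirror those quoted in the
# thread; the success line and the last line are assumed formats for illustration.
SAMPLE_LOG = """\
debug1: next auth method to try is hostbased
debug1: sig size 20 20
debug1: Remote: Server has been configured to ignore .shosts.
debug1: authentications that can continue: publickey,password,hostbased
debug1: Remote: Server has been configured to ignore .shosts.
debug1: next auth method to try is password
debug1: Authentication succeeded (password).
debug1: Remote: constructed post-auth message
"""

NEXT_METHOD = re.compile(r"^debug\d: next auth method to try is (\S+)")
REMOTE_MSG = re.compile(r"^debug\d: Remote: (.*)$")
CAN_CONTINUE = re.compile(r"^debug\d: authentications that can continue: (\S+)")
AUTH_OK = re.compile(r"^debug\d: Authentication succeeded")  # assumed marker


def audit_preauth(log_text):
    """Summarise what the server revealed before the client authenticated."""
    tried, offered, disclosed = [], [], []
    for line in log_text.splitlines():
        line = line.strip()
        if AUTH_OK.match(line):
            break  # everything after this point is post-authentication
        if m := NEXT_METHOD.match(line):
            tried.append(m.group(1))          # client-side ordering of methods
        elif m := CAN_CONTINUE.match(line):
            offered = m.group(1).split(",")   # latest list sent by the server
        elif m := REMOTE_MSG.match(line):
            if m.group(1) not in disclosed:   # de-duplicate repeated messages
                disclosed.append(m.group(1))
    return {"tried": tried, "offered": offered, "disclosed": disclosed}


if __name__ == "__main__":
    report = audit_preauth(SAMPLE_LOG)
    print("methods tried, in order:", report["tried"])
    print("methods offered by server:", report["offered"])
    for msg in report["disclosed"]:
        print("pre-auth server message:", msg)
```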



More information about the openssh-unix-dev mailing list