AllowHosts / DenyHosts

rmy at tigress.co.uk rmy at tigress.co.uk
Wed Feb 28 22:09:16 EST 2001


Folks,

Dan Kaminsky wrote:

>    There is, of course, the inevitable problem.  If you can't *trust* IP
>addresses, just user authenticators, then what are you doing switching your
>configurations based on addresses?  I'd like to stick to cryptographic
>keys--finally, a genuine use for rhostsrsa?--but clearly we can enhance
>security by ruling out entire swaths of attackers simply due to their
>unspoofed address space.

Sounds a bit like what I proposed back in August:

>It seemed to me that it would be useful to be able to control access to
>my server with the /etc/ssh_known_hosts file, using RSA authentication
>of the remote host.  But the protocol only allows RSA host authentication
>in conjunction with rhosts, while I prefer RSA user authentication.
>
>I've made a patch to the server which adds a new configuration option:
>RSAHostOtherAuthentication.  When this option is enabled RSA host
>authentication is turned on, but without the rhosts check.  Also, RSA
>host authentication on its own is insufficient to authenticate the user.
>The server also requires one other authentication method to succeed.
>It doesn't matter which, and the order in which the methods are tried
>doesn't matter.
>
>With this modified server I can enable RSA authentication of both the
>remote host and the user.  This only works if the client is willing to
>try different authentication methods if the first doesn't succeed.
>
>I'm happy with this, but does it make sense?  Is there any obvious flaw?

The patch against 2.1.1p4 is in the list archive:

   http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=96538738531641&w=2

Ron





More information about the openssh-unix-dev mailing list