AllowHosts / DenyHosts
rmy at tigress.co.uk
rmy at tigress.co.uk
Wed Feb 28 22:09:16 EST 2001
Folks,
Dan Kaminsky wrote:
> There is, of course, the inevitable problem. If you can't *trust* IP
>addresses, just user authenticators, then what are you doing switching your
>configurations based on addresses? I'd like to stick to cryptographic
>keys--finally, a genuine use for rhostsrsa?--but clearly we can enhance
>security by ruling out entire swaths of attackers simply due to their
>unspoofed address space.
Sounds a bit like what I proposed back in August:
>It seemed to me that it would be useful to be able to control access to
>my server with the /etc/ssh_known_hosts file, using RSA authentication
>of the remote host. But the protocol only allows RSA host authentication
>in conjunction with rhosts, while I prefer RSA user authentication.
>
>I've made a patch to the server which adds a new configuration option:
>RSAHostOtherAuthentication. When this option is enabled RSA host
>authentication is turned on, but without the rhosts check. Also, RSA
>host authentication on its own is insufficient to authenticate the user.
>The server also requires one other authentication method to succeed.
>It doesn't matter which, and the order in which the methods are tried
>doesn't matter.
>
>With this modified server I can enable RSA authentication of both the
>remote host and the user. This only works if the client is willing to
>try different authentication methods if the first doesn't succeed.
>
>I'm happy with this, but does it make sense? Is there any obvious flaw?
The patch against 2.1.1p4 is in the list archive:
http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=96538738531641&w=2
Ron
More information about the openssh-unix-dev
mailing list