Rhosts-RSA authentication broken

Bladt Norbert Norbert.Bladt at adi.ch
Tue Mar 20 19:53:28 EST 2001

Hello !

I think a problem was introduced in openssh-2.3.0p1 which is
still there in the latest openssh-2.5.2p1. I just noticed it
before my vacation and could not send this mail earlier than

The problem is:

You can't use the Rhosts-RSA authentication based on the hosts.equiv
file and the host keys.
The only possible way to do rhosts-RSA authentication is to allow
the usage of the .rhosts/.shosts file and put the information in

If you have "IgnoreRhosts yes" in the configuration file for
the sshd, no rhosts-RSA authentication is done because
it is not configured.
The reason are the following wrong lines of source in auth-rh-rsa.c:

	/* Check if we would accept it using rhosts authentication. */
 	if (!auth_rhosts(pw, client_user))
 		return 0;

I applied the attached patch and now it works, again.
Please advice if this is not the right fix or whether this
change was intended.

Thanks for providing openssh !



P.S. I am not subscribed to the developer list so a cc:
to my mail address is appreciated.

Norbert Bladt
ATAG debis Informatik, ISM-TZ1 / Z302
Industriestrasse 1, CH 3052-Zollikofen
E-Mail: norbert.bladt at adi.ch Tel.: +41 31 915 3964 Fax: +41 31 915 3640

-------------- next part --------------
A non-text attachment was scrubbed...
Name: auth-rh-rsa.diff
Type: application/octet-stream
Size: 529 bytes
Desc: not available
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20010320/f3000ef0/attachment.obj 

More information about the openssh-unix-dev mailing list