Rhosts-RSA authentication broken
Bladt Norbert
Norbert.Bladt at adi.ch
Tue Mar 20 19:53:28 EST 2001
Hello !
I think a problem was introduced in openssh-2.3.0p1 which is
still there in the latest openssh-2.5.2p1. I just noticed it
before my vacation and could not send this mail earlier than
today.
The problem is:
You can't use the Rhosts-RSA authentication based on the hosts.equiv
file and the host keys.
The only possible way to do rhosts-RSA authentication is to allow
the usage of the .rhosts/.shosts file and put the information in
there.
If you have "IgnoreRhosts yes" in the configuration file for
the sshd, no rhosts-RSA authentication is done because
it is not configured.
The reason is the following wrong lines of source in auth-rh-rsa.c:

    /* Check if we would accept it using rhosts authentication. */
    if (!auth_rhosts(pw, client_user))
        return 0;

I applied the attached patch and now it works again.
Please advise if this is not the right fix or whether this
change was intended.
Thanks for providing openssh !
Regards,
Norbert.
P.S. I am not subscribed to the developer list so a cc:
to my mail address is appreciated.
--
Norbert Bladt
ATAG debis Informatik, ISM-TZ1 / Z302
Industriestrasse 1, CH 3052-Zollikofen
E-Mail: norbert.bladt at adi.ch Tel.: +41 31 915 3964 Fax: +41 31 915 3640
<<auth-rh-rsa.diff>>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: auth-rh-rsa.diff
Type: application/octet-stream
Size: 529 bytes
Desc: not available
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20010320/f3000ef0/attachment.obj