openssh-3.0p1, auth2.c

Markus Friedl markus at openbsd.org
Sat Nov 10 23:39:07 EST 2001


On Fri, Nov 09, 2001 at 10:23:40AM +0100, Hans Werner Strube wrote:
> openssh-3.0p1 still contains the bug

is it a bug? we need to use voting to bugzilla.

> which I already reported on Sept. 28 2001
> for 2.9p2, namely, the trailing dot in chost should be stripped before calling
> auth_rhosts2() even with option "HostbasedUsesNameFromPacketOnly yes".
> Otherwise, the host names in /etc/hosts.equiv and .rhosts would have to be
> dot-terminated. Fix: Move lines 776-779 of auth2.c upwards to after line 767.
> (These line numbers also hold for 2.9.9p2.)

1) HostbasedUsesNameFromPacketOnly is experimental and undocumented

2) if HostbasedUsesNameFromPacketOnly is used, then
   the client can send any opaque 'string' it likes to use, e.g.
	"markus at openssh.com."
   or even
	"...."
   so sshd should not modify this string.

why are you using HostbasedUsesNameFromPacketOnly ?

-m
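
The effect both messages describe, as an added example that is not part of either post and is not OpenSSH code: a client-supplied chost with a trailing dot fails an exact match against entries written without one, and stripping the dot changes what an opaque string such as "...." is compared as. The function names, the `strip` flag and the host entries are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed stand-in for host entries in /etc/hosts.equiv (no trailing dots). */
static const char *equiv_hosts[] = { "client.example.org", "build.example.org" };

/* Copy chost into out, dropping exactly one trailing dot (the DNS root label). */
static void strip_trailing_dot(const char *chost, char *out, size_t outlen)
{
    size_t len;

    snprintf(out, outlen, "%s", chost);
    len = strlen(out);
    if (len > 0 && out[len - 1] == '.')
        out[len - 1] = '\0';
}

/* Case-insensitive exact match against the constructed list. */
static int equiv_match(const char *name)
{
    size_t i;

    for (i = 0; i < sizeof(equiv_hosts) / sizeof(equiv_hosts[0]); i++)
        if (strcasecmp(name, equiv_hosts[i]) == 0)
            return 1;
    return 0;
}

/* Hypothetical check: strip=1 normalizes chost first, strip=0 uses it verbatim. */
static int hostbased_name_allowed(const char *chost, int strip)
{
    char name[256];

    if (strlen(chost) >= sizeof(name))
        return 0;               /* refuse over-long names instead of truncating */
    if (strip)
        strip_trailing_dot(chost, name, sizeof(name));
    else
        snprintf(name, sizeof(name), "%s", chost);
    return equiv_match(name);
}

int main(void)
{
    const char *samples[] = { "client.example.org.", "client.example.org", "....", "" };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-22s verbatim=%d stripped=%d\n", samples[i],
            hostbased_name_allowed(samples[i], 0), hostbased_name_allowed(samples[i], 1));
    return 0;
}
```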


