openssh-3.0p1, auth2.c
Richard E. Silverman
slade at shore.net
Mon Nov 12 15:19:35 EST 2001
markus> i think hostbased authentication never has been intended for this.
markus> especially since rhosts-rsa requires a privileged source port.
I don't see how this follows, and I disagree. The privileged source port
requirement in SSH-1 was just a holdover from mimicing rsh -- it was never a
good idea, it is not essential to the notion of host-based authentication, and
it is (properly) not required in SSH-2.
Considering the source address in an authentication method should *always* be
an optional feature. For one thing, it means the method may be run over a
different transport without change (serial line, tunnel of some kind,
"ProxyCommand", etc.). Second, an IP address need not be inherent in a host's
identity, any more than its MAC address is. The host may be mobile,
multihomed, using DHCP, moved from one network to another, its enclosing
network renumbered, etc. If you happen to know that a particular client host
has a static IP address, and you feel like requiring that as an extra measure
of caution, then fine, but I don't think it should ever be a protocol or
feature requirement -- just an implementation optional (as with the "host="
option in authorized_keys).
--
Richard Silverman
slade at shore.net
More information about the openssh-unix-dev
mailing list