ssh -2 and hostbasedauth
Gert Doering
gert at greenie.muc.de
Sun Nov 18 11:28:23 EST 2001
Hi,
On Sat, Nov 17, 2001 at 01:14:47PM -0500, Dan Astoorian wrote:
> Moreover, perhaps existing instances of packet_send_debug()--such as the
> "accepted by .shosts" message previously discussed--be reevaluated for
> the appropriateness and necessity of the information they disclose.

I find it VERY useful to see why things are not working as expected.
There are too many things that can be wrong if ".shosts doesn't work"
(hostbased auth off, rhosts being ignored, key not known, key not known
with full host name, wrong protocol being used for known key (RSA/DSA) etc).

I can see the argument about disclosing information (which not-to-do is
one of the mantras of security), but I'm not really sure why this would
give a hacker an advantage, unless he already has access to the box, like
write-access-over-NFS-on-$HOME or so.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert.doering at physik.tu-muenchen.de