Rhosts Authentication broken in 3.4.p1???
Markus Friedl
markus at openbsd.org
Thu Oct 31 21:07:49 EST 2002
On Wed, Oct 30, 2002 at 03:37:12PM -0600, Randy Zagar wrote:
> if (options.rhosts_authentication &&
> (remote_port >= IPPORT_RESERVED ||
> remote_port < IPPORT_RESERVED / 2)) {
> debug("Rhosts Authentication disabled, "
> "originating port %d not trusted.", remote_port);
> options.rhosts_authentication = 0;
> }
well sshd should not set options.rhosts_authentication to 0, but
sshd should make sure rhosts_authentication fails, so
setting options.rhosts_authentication = 0 works just fine.
More information about the openssh-unix-dev
mailing list