Possible problem with hostbased protocol 1 rhosts authentication

Iain Morgan imorgan at nas.nasa.gov
Wed Aug 25 02:01:43 EST 2004


On Tue Aug 24 01:30:10 2004, Mike Rose wrote:
> 
> I found this problem when working with the Suse9.1 distribution, but have
> since reproduced it with a vanilla build of Openssh
> (openssh-3.9p1.tar.gz). Basically I cannot get a command like this:
> 
> XXXX>ssh -vvv -1 -o "RhostsAuthentication yes" AAAA
> 
> to work. Yes the appropriate settings are in the servers sshd_config file.
> 
> Hostbased protocol 1 ssh using rhosts between computers is something we
> normally do as we have some Dec Alphas, otherwise we would only be using
> protocol 2 which is fine for hostbased authent using rhosts.

Do you mean RhostsRSAAuthentication? I believe that RhostsAuthentication was
dropped some time ago. Also, note that the ssh binary is no longer setuid root.
(It hasn't been for quite some time.) 

For version 2, ssh uses the setuid root binary, ssh-keysign, when doing 
Hostbased authentication. However, ssh does not use this binary when
using protocol 1. To use RhostsRSAAuthentication for any user other than root,
you must make the ssh binary setuid root and accept any risks therof.

> 
> "
> ssh -vvv -1 -o "RhostsAuthentication yes" AAAA
> OpenSSH_3.8p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7d 17 Mar 2004
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug2: ssh_connect: needpriv 1
> debug1: Connecting to AAAA [AAAA] port 22.
> debug1: Allocated local port 1023.
> debug1: Connection established.
> debug1: read PEM private key done: type DSA
> debug1: read PEM private key done: type RSA
> debug1: identity file /u/XXXXXX/mr/.ssh/identity type -1
> debug1: Remote protocol version 1.5, remote software version 1.2.27
> debug1: no match: 1.2.27
> debug1: Local version string SSH-1.5-OpenSSH_3.8p1
> debug1: Waiting for server public key.
> debug1: Received server public key (768 bits) and host key (1024 bits).
> debug3: check_host_in_hostfile: filename /u/XXXXXX/mr/.ssh/known_hosts
> debug3: check_host_in_hostfile: match line 73
> debug3: check_host_in_hostfile: filename /u/XXXXXX/mr/.ssh/known_hosts
> debug3: check_host_in_hostfile: match line 73
> debug1: Host 'AAAA' is known and matches the RSA1 host key.
> debug1: Found key in /u/XXXXXX/mr/.ssh/known_hosts:73
> debug1: Encryption type: 3des
> debug1: Sent encrypted session key.
> debug2: cipher_init: set keylen (16 -> 32)
> debug2: cipher_init: set keylen (16 -> 32)
> debug1: Installing crc compensation attack detector.
> debug1: Received encrypted confirmation.
> debug1: Doing password authentication.
> mr at tcm30's password:
> "
> 
> # This is ssh server systemwide configuration file.
> "
> Port 22
> ListenAddress 0.0.0.0
> HostKey /etc/ssh_host_key
> RandomSeed /etc/ssh_random_seed
> ServerKeyBits 768
> LoginGraceTime 600
> KeyRegenerationInterval 7200
> PermitRootLogin yes
> IgnoreRhosts no
> StrictModes yes
> QuietMode no
> X11Forwarding yes
> X11DisplayOffset 10
> FascistLogging no
> PrintMotd yes
> KeepAlive yes
> SyslogFacility DAEMON
> RhostsAuthentication yes
> RhostsRSAAuthentication yes
> RSAAuthentication no
> PasswordAuthentication yes
> PermitEmptyPasswords no
> UseLogin no
> "
> 
> 
> The rest of the detail is in the attached text file.
> 
> 
> I hope that is enough info.
> 
> regards,
> 
> Mike Rose


--
Iain Morgan
NAS Desktop Support Group




More information about the openssh-unix-dev mailing list