rhosts/shosts handling in sshd
Todd C. Miller
Todd.Miller at sudo.ws
Mon Dec 19 02:07:29 AEDT 2022
On Sun, 18 Dec 2022 15:30:26 +0100, =?UTF-8?Q?Thomas_K=c3=b6ller?= wrote:
> after much trying and code-digging I found that hostbased authentication
> for root is handled differently than for other users. This is from
> auth-rhosts.c:
>
> 236 /*
> 237 * If not logging in as superuser, try /etc/hosts.equiv and
> 238 * shosts.equiv.
> 239 */
> 240 if (pw->pw_uid == 0)
> 241 debug3_f("root user, ignoring system hosts files");
> 242 else {
>
> This behavior is apparently not documented anywhere, and I just cannot
> think of a reason why this is done. Can someone enlighten me?
This is historical practice that comes from the BSD rlogin/rsh
(actually libc/net/rcmd.c) and was documented in rcmd(3) on BSD
systems. The meager documentation of it in ssh is probably a case
of "everyone knows it works that way". However, the behavior is
described in ssh(1) in the host-based authentication section.
As for the reason, just because you want to allow unprivileged users
to be able to login from one system without a password does not
mean you necessarily want the root user to be able to do so as well.
I think it still makes sense to require root equivalency to be
explicitly set via .rhosts/.shosts if you are going to be using
host-based authentication.
- todd
More information about the openssh-unix-dev
mailing list