rhosts/shosts handling in sshd
Ingo Schwarze
schwarze at usta.de
Mon Dec 19 02:11:34 AEDT 2022
Hi Thomas,
Thomas Koeller wrote on Sun, Dec 18, 2022 at 03:30:26PM +0100:
> after much trying and code-digging I found that hostbased authentication
> for root is handled differently than for other users. This is from
> auth-rhosts.c:
>
> /*
>  * If not logging in as superuser, try /etc/hosts.equiv and
>  * shosts.equiv.
>  */
> if (pw->pw_uid == 0)
>         debug3_f("root user, ignoring system hosts files");
> else {
>
> This behavior is apparently not documented anywhere,
My impression is that it *is* documented.
https://man.openbsd.org/ssh.1#AUTHENTICATION
tells me:
Host-based authentication works as follows: If the machine the user
logs in from is listed in /etc/hosts.equiv or /etc/shosts.equiv on
the remote machine, the user is non-root and [...]
> and I just cannot think of a reason why this is done.
Host-based authentication is a relatively risky authentication
method in the first place, so the security risk of host based
authentication for root access is considered too great for providing
the feature.
For example, that prevents local root exploits on the client host
from turning right into remote root exploits on the server, and there
may be other attack scenarios somewhat mitigated by not providing
the dangerous feature.
> Can someone enlighten me?
Hope this helps,
Ingo
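As an added illustration of the behaviour discussed in this thread (this is example code written for this page, not code from OpenSSH or from either poster), the function below models a hostbased lookup against the contents of a system-wide hosts.equiv file and refuses root up front, exactly the way the quoted auth-rhosts.c check does. The function name hostbased_allowed(), its argument list, and the sample file content returned by sample_hosts_equiv() are all assumptions made for the example; the file content is constructed, not taken from any real system. Only "host" and "host user" lines and '#' comments are handled; sshd's real check_rhosts_file() in auth-rhosts.c additionally handles negated ('-') entries and the per-user ~/.rhosts and ~/.shosts files, which this model leaves out.

```c
#include <stdio.h>
#include <string.h>

/*
 * Simplified model of the hostbased lookup discussed above (added example,
 * not OpenSSH code). Returns 1 if the remote pair (client_host, client_user)
 * may log in as the local account (pw_uid, server_user) according to the
 * hosts.equiv-style text in `equiv`, 0 otherwise.
 *
 * Line semantics, as the example understands the classic rhosts format:
 *   "host"       - the same username may log in from that host
 *   "host user"  - that remote user may log in as any local account
 * The check that matters for this thread comes first: the system-wide
 * files are never consulted when the target account is root (uid 0).
 */
int hostbased_allowed(unsigned int pw_uid, const char *server_user,
                      const char *client_host, const char *client_user,
                      const char *equiv)
{
    const char *p = equiv;
    char line[256];

    if (pw_uid == 0)
        return 0;   /* "root user, ignoring system hosts files" */

    while (*p != '\0') {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char host[128], user[128];
        int n;

        if (len >= sizeof line)
            len = sizeof line - 1;      /* truncate an over-long line */
        memcpy(line, p, len);
        line[len] = '\0';
        p = nl ? nl + 1 : p + len;      /* advance to the next line */

        n = sscanf(line, "%127s %127s", host, user);
        if (n < 1 || host[0] == '#')
            continue;                   /* blank line or comment */
        if (strcmp(host, client_host) != 0)
            continue;                   /* entry is for another host */
        if (n == 1) {
            if (strcmp(client_user, server_user) == 0)
                return 1;               /* "host": same username only */
        } else if (strcmp(user, client_user) == 0) {
            return 1;                   /* "host user": that user, any account */
        }
    }
    return 0;
}

/* Constructed hosts.equiv content for the example (assumption, not a real file). */
const char *sample_hosts_equiv(void)
{
    return "# constructed example, not a real hosts.equiv\n"
           "client.example.org\n"
           "build.example.org alice\n";
}

int main(void)
{
    const char *eq = sample_hosts_equiv();

    /* Listed host, but the target account is root: refused outright. */
    printf("root from client.example.org as root: %d\n",
           hostbased_allowed(0, "root", "client.example.org", "root", eq));
    /* Same non-root username from a listed host: allowed. */
    printf("bob from client.example.org as bob: %d\n",
           hostbased_allowed(1000, "bob", "client.example.org", "bob", eq));
    /* alice on build.example.org may become any non-root local account. */
    printf("alice from build.example.org as bob: %d\n",
           hostbased_allowed(1000, "bob", "build.example.org", "alice", eq));
    return 0;
}
```

The first call is the point of the thread: client.example.org is listed, the remote user is root, and the lookup still returns 0 because the uid-0 check runs before the file is even read. That ordering is what keeps a root compromise on the client from being converted directly into root on the server, regardless of what an administrator has put into hosts.equiv.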