control of auth methods
Darren Tucker
dtucker at zip.com.au
Sat May 8 15:28:50 EST 2004
Jefferson Ogata wrote:
> The current design of the config file is hardly a triumph of simplicity
> and logic. The auth types have internal names, yet the auth controls are
> this morass of booleans. It would make more sense to list the internal
> names, a la Ciphers.
The current config file design pre-dates OpenSSH. If you look at the
sample config file from ssh-1.2.12 you'll recognise the format (and many
of the current options). Ciphers was added when Markus added SSH
protocol 2 support.
> Instead we have to figure out how various
> combinations of peculiarly named flags such as
> PAMAuthenticationViaKbdInt
That's gone (except as a deprecated warning).
> PermitRootLogin,
This thread is discussing generalizing that.
> ChallengeResponseAuthentication, RhostsRSAAuthentication, UsePam,
> AllowUsers, DenyUsers, etc. interact to produce which set of valid auth
> types for whom. It ends up being trial-and-error to determine whether
> the right users can authenticate the way you want to allow, and /can't/
> authenticate the way you want to prevent, and that's not a good design
> for security.
You could read "trial-and-error" as "testing and validation" :-)
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list