Proposal to add a DisableAuthentication option to sshd ServerOptions
Henry Qin
hq6 at cs.stanford.edu
Thu Jun 27 14:34:55 AEST 2024
Hi folks,
I've recently started to work on a patch for openssh that introduces a new
option to disable authentication.
I'd like to explain why I think this might be generally useful, and solicit
opinions on whether such a patch would be acceptable to the maintainers as
a pull request.
*Why is this useful?*
Openssh has useful capabilities such as remote and local port-forwarding,
as well as better terminal management compared to older tools like telnet
that support anonymous login.
With this option, we can use openssh in scenarios where authentication is
not required.
*Specific use cases:*
1. Combine sshd on an unprivileged port with kubectl port-forward to
replace kubectl exec for shelling into containers running in a secure
Kubernetes environment. Kubectl exec does not kill processes on disconnect,
and does not support remote port forwarding, while ssh does both of these
things.
2. Run an unauthenticated ssh server on a port that is accessible only
inside a cluster without the risk of someone accidentally exposing a
no-password account on an ssh running on port 22.
*Why is this useful when openssh already has **PermitEmptyPassword*?
PermitEmptyPasswords is a reasonable option for many uses, but it requires
that the user actually has an empty password, which is not desirable if we
also want a user to be accessible externally without the risk of a
misconfigured ssh server on port 22.
This additional option allows a user to be accessible without a password in
environments where authorization is granted by other means, even if they
otherwise have a password.
*Is this a patch that you would be willing to entertain?*
Thanks,
~Henry
More information about the openssh-unix-dev
mailing list