setuid for "ssh"
Gavin McDonald
gavitron at gmail.com
Sun Jan 1 22:00:48 UTC 2006
Sachin,
Have you got
PreferredAuthentications hostbased,pubkey,password,keyboard-interactive
in your ~/.ssh/config file?
Also, here's a little something to play with later, if you still
want password-less logins, but with a bit more security:
http://dev.panopticsearch.com/ssh-notes.html
Regards,
Gavin McDonald
========================
EVI Logistic Enterprises
email: me at gavitron.com
phone: (604) 313-3845
_____
From: Sachin Bhugra [mailto:bhugra.sachin at gmail.com]
Sent: Sunday, January 01, 2006 7:47 AM
To: redhat-list at redhat.com; gavitron at gmail.com
Subject: Re: setuid for "ssh"
Hello Gavin,
Yes, indeed, the doc you sent to me is a wonderful work-around and believe
me i have nothing against this wonderful method :-)
I am trying the RhostsAuthentication method just out of curiosity(because
its not working) and definitely i will not assign root permissions to "ssh"
after I get this to work. Yes, you are very right that ssh is pretty tight
about security. Anyways i am partially through with this problem. I can now
assign a privileged port to ssh but /etc/hosts.equiv or
/etc/ssh/shosts.equiv method is not working, i cannot login without
supplying password.
Gavin, here is my sshd_config:
===============================
# test sshd_config
Port 22
Protocol 1
ListenAddress 192.168.0.10:22
SyslogFacility AUTHPRIV
LogLevel DEBUG2
RhostsAuthentication yes
PasswordAuthentication yes
==============================
and my ssh_config is:
=============================
Host *
ForwardX11 yes
RhostsAuthentication yes
UsePrivilegedPort yes
============================
here is what last lines of ssh -vv 192.168.0.10 says:
debug1: Trying rhosts authentication.
debug1: RSA authentication using agent refused.
debug1: Doing challenge response authentication.
debug1: No challenge.
debug1: Doing password authentication.
Any ideas to share???
Regds,
Sachin
More information about the redhat-list
mailing list