OSEC

From: Andrew Brown (atatatatatdot.net)
Date: Mon Jul 16 2001 - 02:00:29 CDT


    On Sat, Jul 14, 2001 at 11:36:28PM -0400, Michael Richardson wrote:
    > Greg> done the authentication, but that's a separate issue). As I
    > Greg> understand the Unix security model in combination with the SSH
    > Greg> protocol this means that SSH must run as root on both ends and the
    > Greg> initial use of a TCP port less than 1024 is key to the web of trust
    >
    > No.
    >
    > SSH can emulate "rhost" <1024 stuff if you insist. That is not the default.
    > You can permit RhostRSA to use RSA to authenticate hosts. That depends upon
    >access to /etc/ssh_host_key, which is why ssh client is often setuid. This
    >also is often not the default. (although setuid ssh has been the default in
    >the past).

    a suid ssh client gains you two modes of authentication which are sort
    of similar, but not the same: RhostsAuthentication and
    RhostsRSAAuthentication. the former requires the client to be
    connecting to the server from a "privileged" port and the latter
    requires privileges on the client machine to read the file called (eg)
    /etc/ssh_host_key. i don't recall off the top of my head if the use
    of a "privileged" port is required for this form of authentication to
    succeed.

    > Most use of ssh does not require any of this.

    correct.

    -- 
    |-----< "CODE WARRIOR" >-----|
    codewarriordaemon.org             * "ah!  i see you have the internet
    twofsonetgraffiti.com (Andrew Brown)                that goes *ping*!"
    andrewcrossbar.com       * "information is power -- share the wealth."
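The two legacy modes the post contrasts (RhostsAuthentication, which leans on the client's privileged source port, and RhostsRSAAuthentication, which leans on a setuid client reading the host key) are settings a defender would audit on the server side. The following is an added example, not code from the original post or from OpenSSH; it assumes the sshd_config keywords of that era and uses a constructed sample configuration.

```python
# Audit an sshd_config for the rhosts-style trust modes discussed in the
# thread.  Added example, not from the original post; samples are constructed.
import os
import stat

# Keywords from the sshd_config(5) of that era (matched case-insensitively),
# the value that constitutes a finding, and why.
LEGACY_CHECKS = {
    "rhostsauthentication": ("yes",
        "trust rests on the client's source port being < 1024 plus "
        "hosts.equiv/.rhosts; any root user on the client satisfies that"),
    "rhostsrsaauthentication": ("yes",
        "trust rests on the client host key, read as root via setuid ssh; "
        "a stolen host key impersonates the whole client host"),
    "ignorerhosts": ("no",
        "per-user ~/.rhosts and ~/.shosts extend host trust to whatever "
        "each user writes there"),
}

def parse_sshd_config(text):
    """Map lowercased keyword -> value, skipping blank and comment lines.
    Like sshd, the first occurrence of a keyword wins."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        conf.setdefault(parts[0].lower(), parts[1].strip() if len(parts) > 1 else "")
    return conf

def audit_rhosts_trust(conf):
    """Return [(keyword, value, why)] for every legacy trust mode enabled."""
    return [(key, conf[key], why)
            for key, (bad, why) in LEGACY_CHECKS.items()
            if conf.get(key, "").lower() == bad]

def client_is_setuid(path="/usr/bin/ssh"):
    """True if the ssh client carries the setuid bit that
    RhostsRSAAuthentication needs in order to read the host key."""
    try:
        return bool(os.stat(path).st_mode & stat.S_ISUID)
    except OSError:
        return False

# Constructed samples: legacy settings beside the hardened ones.  The
# second RhostsAuthentication line is ignored because the first one wins.
LEGACY_CONF = "RhostsAuthentication yes\nRhostsRSAAuthentication yes\n" \
              "IgnoreRhosts no\nRhostsAuthentication no\n"
HARDENED_CONF = "RhostsAuthentication no\nRhostsRSAAuthentication no\nIgnoreRhosts yes\n"
```

Running `audit_rhosts_trust(parse_sshd_config(LEGACY_CONF))` reports all three findings, while the hardened configuration reports none.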