It seems to me that under AIX 4.3.3 ML 10 the RhostsAuthentication fails completely. The files .rhosts, .shosts or even .rhosts.equiv and .shosts.equiv are completely ignored. With my client I ran the following command:

/opt/bin/ssh <hostname> -o RhostsAuthentication=yes -o Protocol=1 -o UsePrivilegedPort=yes

And here is the debug output from my server:

# /opt/sbin/sshd -f /opt/etc/sshd_config -d -d
debug1: sshd version OpenSSH_3.5p1
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from 9.164.18.22 port 943
debug1: Client protocol version 1.5; client software version OpenSSH_3.5p1
debug1: match: OpenSSH_3.5p1 pat OpenSSH*
debug1: Local version string SSH-1.99-OpenSSH_3.5p1
debug1: permanently_set_uid: 7/204
debug1: Sent 768 bit server key and 1024 bit host key.
debug2: Network child is on pid 16256
debug1: Encryption type: 3des
debug1: cipher_init: set keylen (16 -> 32)
debug1: cipher_init: set keylen (16 -> 32)
debug1: Received session key; encryption turned on.
debug2: monitor_read: 28 used once, disabling now
debug2: monitor_read: 30 used once, disabling now
debug1: Installing crc compensation attack detector.
debug1: Attempting authentication for root.
debug2: monitor_read: 6 used once, disabling now
Failed none for root from 9.164.18.22 port 943
debug2: auth_rhosts2: clientuser root hostname 9.164.18.22 ipaddr 9.164.18.22
debug1: temporarily_use_uid: 0/0 (e=7/204)
debug1: restore_uid: (unprivileged)
Failed rhosts for root from 9.164.18.22 port 943 ruser root
Connection closed by 9.164.18.22
debug1: Calling cleanup 0x200013b0(0x0)

The files .rhosts, .shosts and .shosts.equiv exist with 600 rights on AIX. I compiled the version myself.

regards
Alf Nicolaysen
IgnoreRhosts ... The default is ``yes''. /etc/hosts.equiv ... such users are permitted to log in as any user on this machine (except root).
Yes, I set the option "IgnoreRhosts no" in the sshd_config. I also set the option "StrictModes no" to prevent a failure there. Nothing helps. Alf
Seems to be a privsep thing. Try running sshd with "-o UsePrivilegeSeparation=no". I can get rhosts authentication to work if I disable privsep. It works as a non-root user with shosts.equiv and with /.shosts as root. With privsep enabled, it fails. I will attach a debug log. I also needed to make ssh setuid root so it could bind to a privileged port.

Also, the man page fragment that Markus quoted does not seem clear on root logins with hosts.equiv, however. With a bit more context, it says:

"/etc/hosts.equiv This file is used during .rhosts authentication. In the simplest form, this file contains host names, one per line. Users on those hosts are permitted to log in without a password, provided they have the same user name on both machines. The host name may also be followed by a user name; such users are permitted to log in as any user on this machine (except root)."

To me, the last sentence seems to say the exception for root applies only when the optional username follows the hostname.
Created attachment 256 [details] sshd & ssh debug traces for rhosts authentication
Reproduced on Redhat 8 too, this does not seem to be specific to AIX.
ok, there is no privsep code for rhosts authentication. should it be added? rhosts is insecure and there are alternatives like rhosts-rsa or hostbased. should rhosts be dropped?
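The settings that came up in this thread (Protocol 1, RhostsAuthentication, IgnoreRhosts, StrictModes and the UsePrivilegeSeparation workaround) are exactly the ones an administrator would want to spot in an sshd_config before relying on rhosts as a login method. The script below is an added example, not code from this bug report or from OpenSSH: it parses sshd_config syntax (keyword followed by whitespace or "=", one directive per line, "#" comments) and reports each directive that weakens host-based trust, with the hardened value to use instead. The sample configuration is constructed for the example; the option names are the real sshd_config keywords of the OpenSSH 3.x era.

```python
"""Audit an sshd_config fragment for the rhosts-related weak settings discussed above.

Added example (not part of the bug report or of OpenSSH). Only directives that are
explicitly set to a weak value are reported; defaults are not guessed.
"""
import re
from typing import Callable, Dict, List, Tuple

# Constructed sample configuration for this example, not a real host's file.
SAMPLE_CONFIG = """\
# constructed sshd_config fragment
Protocol 2,1
RhostsAuthentication yes
IgnoreRhosts no
StrictModes=no
UsePrivilegeSeparation no
RhostsRSAAuthentication yes
HostbasedAuthentication yes
"""

# keyword (lowercased) -> (is_weak(value), recommended directive, rationale)
WEAK_SETTINGS: Dict[str, Tuple[Callable[[str], bool], str, str]] = {
    "protocol": (
        lambda v: "1" in v.split(","),
        "Protocol 2",
        "protocol 1 is the only version that offers plain RhostsAuthentication",
    ),
    "rhostsauthentication": (
        lambda v: v == "yes",
        "RhostsAuthentication no",
        "trust rests on the client's IP address or host name alone, "
        "with no cryptographic proof of the client host",
    ),
    "ignorerhosts": (
        lambda v: v == "no",
        "IgnoreRhosts yes",
        "per-user .rhosts/.shosts files let every user extend host trust",
    ),
    "strictmodes": (
        lambda v: v == "no",
        "StrictModes yes",
        "sshd stops checking ownership and permissions of the files it trusts",
    ),
    "useprivilegeseparation": (
        lambda v: v == "no",
        "UsePrivilegeSeparation yes",
        "disabling privsep as a workaround also removes the unprivileged "
        "network child that contains pre-auth bugs",
    ),
}

# "Keyword value" or "Keyword=value"; keyword is case-insensitive in sshd_config.
_DIRECTIVE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9]*)\s*(?:=\s*)?(.*?)\s*$")


def parse_sshd_config(text: str) -> List[Tuple[str, str, str]]:
    """Return (keyword_lower, value_lower, original_line) for each directive."""
    directives = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _DIRECTIVE.match(line)
        if m is None:
            continue
        directives.append((m.group(1).lower(), m.group(2).lower(), line))
    return directives


def audit_sshd_config(text: str) -> List[Tuple[str, str, str]]:
    """Return (offending_line, recommended_directive, rationale) for each weak setting."""
    findings = []
    for keyword, value, line in parse_sshd_config(text):
        check = WEAK_SETTINGS.get(keyword)
        if check is None:
            continue
        is_weak, recommended, why = check
        if is_weak(value):
            findings.append((line, recommended, why))
    return findings


if __name__ == "__main__":
    for line, recommended, why in audit_sshd_config(SAMPLE_CONFIG):
        print(f"{line!r}: set '{recommended}' ({why})")
```

Run against a real file with `audit_sshd_config(open("/etc/ssh/sshd_config").read())`; a clean result means none of these directives is explicitly set to its weak value, not that the effective configuration is safe, since it does not model defaults or later directives overriding earlier ones.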
Yes, indeed. With this option it worked. As I do not know, if it ever will be fixed or not, I switch to RSARhostsAuthentication and leave the RhostsAuthentication in this state. Thanx for your help Alf Nicolaysen
Mass change of RESOLVED bugs to CLOSED