
SSH and .rhosts configuration

 
Tony Kuehn
Advisor

SSH and .rhosts configuration

I have installed and configured SSH on several servers and I am able to slogin between servers without a password. However, this takes significantly longer than "normal" rlogin. I have been informed that using Rhostsauthenication or RhostsRSAauthenication will improve speed of connection. I have not been able to configure this correctly. I have setuid on ssh binary and modified the sshd_config to:
RhostsRSAauthenication yes
IgnoreRhosts no
RSAauthenication yes
I verified the ~/.shosts file is permissioned at 0400.
Still get the message "Rhosts authenication disabled" when doing ssh -v .

Please advise any information. Thank you!!



6 REPLIES
Sridhar Bhaskarla
Honored Contributor

Re: SSH and .rhosts configuration

Here is the snippet from the man page of sshd.

//
Whenever a client connects the daemon responds with its public host
and server keys. The client compares the RSA host key against its own
database to verify that it has not changed. The client then generates
a 256 bit random number. It encrypts this random number using both
the host key and the server key, and sends the encrypted number to the
server. Both sides then use this random number as a session key which
is used to encrypt all further communications in the session. The
rest of the session is encrypted using a conventional cipher,
currently Blowfish or 3DES, with 3DES being used by default. The
client selects the encryption algorithm to use from those offered by
the server.

Next, the server and the client enter an authentication dialog. The
client tries to authenticate itself using .rhosts authentication,
.rhosts authentication combined with RSA host authentication, RSA
challenge-response authentication, or password based authentication. //

The above process does take time. That is the reason why slogin (ssh) takes time to connect. Once the connection is successfully established, it will be normal. If you want you can lower ServerKeyBits 768 in sshd_config to get a slightly better response which is not recommended. But still it will not be like your regular rlogin.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Chris Vail
Honored Contributor

Re: SSH and .rhosts configuration

Using .rhosts gives you a speedy login, surely. But it is also insecure, and subject to hacking. The delay you notice is only at the outset while the two hosts exchange public/private keypairs. This does take a moment, and uses some processing power. But it is worth it in terms of security.

That being said, to make the .rhosts work, each host needs to be in the other's /etc/hosts file. Then create a .rhosts file in each user's home directory. This file needs only the name of the other host, and the user name in the next column. There are things you can do with hosts.equiv, but don't bother.

Chris
Tony Kuehn
Advisor

Re: SSH and .rhosts configuration

I understand SSH will take more time than "normal" rlogin, however, I would expect the SSH login messages to come back stating that RhostsRSAauthenication is enabled after I have modified the ssh_config and sshd_config files to allow RhostsRSAauthenication.
Please advise. Thank you.
Donny Jekels
Respected Contributor

Re: SSH and .rhosts configuration

Check this document I am sure it will help you.

enjoy
Donny
"Vision, is the art of seeing the invisible"
Keith Buck
Respected Contributor

Re: SSH and .rhosts configuration

You need to kill -HUP to get it to reread the configuration file (this may be the cause of your confusion).

That said, I'll reiterate that allowing rhosts authentication for sshd removes all the security benefits. If you really don't care about security, you can still just use rlogin and it will be fast as usual. Reducing the key size is a compromise... faster than large keys, but more secure than the rlogin protocol.

Hope that helps.

-Keith
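
A defensive check for the settings discussed in this thread, as an added example that is not part of any poster's reply: it reports which rhosts-style trust options an sshd_config file turns on and which .rhosts/.shosts files sit under a home-directory tree. The function names, the sample config and the directory layout are constructed for illustration, and the keyword list (RhostsAuthentication, RhostsRSAAuthentication, HostbasedAuthentication, IgnoreRhosts) is an assumption about which options your sshd version accepts.

```shell
#!/bin/sh
# Added example (not from the thread): audit rhosts-style trust for sshd.
# Print one finding per line for an sshd_config-style file ($1).
# sshd keywords are case-insensitive; the first occurrence of a keyword wins.
audit_sshd_config() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            key = tolower($1); val = tolower($2)
            if (key in seen) next               # later duplicates are ignored
            seen[key] = 1
            if (key == "rhostsauthentication" || key == "rhostsrsaauthentication" ||
                key == "hostbasedauthentication") {
                if (val == "yes") print "RISK " $1 " yes"
            } else if (key == "ignorerhosts") {
                if (val == "no") print "RISK " $1 " no"
            } else if (key ~ /rhosts/) {        # looks like a trust keyword, name not matched
                print "UNRECOGNIZED " $1
            }
        }' "$1"
}

# List .rhosts/.shosts files one level below $1 (a tree of home directories)
# and flag any that group or other can write.
audit_trust_files() {
    for f in "$1"/*/.rhosts "$1"/*/.shosts; do
        [ -f "$f" ] || continue
        if [ -n "$(find "$f" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "WRITABLE $f"
        else
            echo "PRESENT $f"
        fi
    done
}

# Constructed sample input (not taken from a real host).
demo=$(mktemp -d)
cat > "$demo/sshd_config" <<'EOF'
# constructed sample; the first keyword is deliberately not spelled as sshd spells it
RhostsRSAauthenication yes
IgnoreRhosts no
RhostsRSAAuthentication yes
RSAAuthentication yes
ignorerhosts yes
EOF
mkdir -p "$demo/home/alice" "$demo/home/bob"
echo "hostb alice" > "$demo/home/alice/.shosts"; chmod 0400 "$demo/home/alice/.shosts"
echo "hostb bob" > "$demo/home/bob/.rhosts"; chmod 0666 "$demo/home/bob/.rhosts"
audit_sshd_config "$demo/sshd_config"
audit_trust_files "$demo/home"
rm -rf "$demo"
```

Any RISK line means the host accepts trust based on the client's host name, which is the trade-off the replies above warn about.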
RAC_1
Honored Contributor

Re: SSH and .rhosts configuration

You set authentication method to password, so that public/private key exchange is avoided and at the same time a bit faster response is achieved.
There is no substitute to HARDWORK