
Re: ssh protocol 1 with .rhosts

 
support_5
Super Advisor

ssh protocol 1 with .rhosts

Hi all,

I am hitting my head against a wall with this. I can't seem to get ssh to allow password-less logins via protocol 1 .shosts or .rhosts files.

I know that it's not a secure way to do things, but sheesh, it's better than rlogins everywhere. We would like to go down the public key path of protocol 2, but that poses problems at the moment for this site (there are rlogins everywhere, including from different users to different users). We would like the password encryption of ssh without the hassle of key management of protocol 2.

Now, I've been trying to get passwordless logins using ssh to work for ages. Got it working using protocol 2, but there is too much overhead and complexity for that solution at the moment; the easiest way for us is to use the old .rhosts or .shosts (hosts.equiv?) files and protocol 1 for passwordless logins. However, I can't seem to get it to work.

I've changed the sshd_config file on the server to use protocol 1 with the following options:
Protocol 1
IgnoreRhosts no
RhostsAuthentication yes

I also add an entry in the ~/.rhosts file for the server and username eg:
server1 user1


Then I login from a client with:
ssh -1 server1

but it always asks for a password. I've tried some variations in the config files, but to no avail, it always asks for a password.

I am using the "HP-UX Secure Shell product T1471AA version A.03.50.000".

So, any help would be appreciated. Ta. (points will be given)

- Andy Gray

3 REPLIES 3
Steven E. Protter
Exalted Contributor

Re: ssh protocol 1 with .rhosts

Attaching a document:

I've used it many times. You can build the key files with the cat >> command but this document works.

Also, consider upgrading to the latest version of Secure Shell.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Steven E. Protter
Exalted Contributor

Re: ssh protocol 1 with .rhosts

Oh, and ssh doesn't care what's in the .rhosts files. I don't use .shosts either.

Good Luck,

Stevem
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
support_5
Super Advisor

Re: ssh protocol 1 with .rhosts

Thank you all, for your responses, but I think you have missed the point of my original post.

Yes, we could use protocol version 2 and manage the keys, but that is what I am trying to avoid. I am trying to use the protocol version 1 method. I quote from the ssh man page:

"SSH protocol version 1
First, if the machine the user logs in from is listed in /etc/hosts.equiv or /opt/ssh/etc/shosts.equiv on the remote machine, and the user names are the same on both sides, the user is immediately permitted to log in. Second, if .rhosts or .shosts exists in the user's home directory on the remote machine and contains a line containing the name of the client machine and the name of the user on that machine, the user is permitted to log in. This form of authentication alone is normally not allowed by the server because it is not secure."

That pretty much explains what I am trying to achieve, however I am not having any success.

So, can anyone help me with this without reference to protocol version 2?

By the wording in the man page, it seems like it should be fairly straightforward, however, I am finding that it is not...

Is it a compile time option, and HP have compiled openssh with no protocol 1 compliance of this authentication method? Is there some glaringly obvious option that I have missed in the configuration file? (I've attached my remote hosts sshd_config file).

Surely someone knows something about ssh protocol version 1? Any ideas??

Thanks again for the posts so far.

- Andrew Gray
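
The man page excerpt quoted in this thread notes that rhosts trust "is not secure", so an administrator reviewing a host may want to find where it has been switched on. The following is an added example, not part of any post and not HP or OpenSSH code: it reports the three sshd_config directives from the original post when they enable protocol 1 rhosts trust, and lists the host/user pairs in a .rhosts or .shosts file. The function names and sample inputs are constructed for illustration, and the parser assumes whitespace-separated "Keyword value" lines with the first value of each keyword taking effect.

```python
import re

# Values of the directives quoted in the thread that turn on protocol 1 rhosts trust.
RISKY = {
    "protocol": lambda v: "1" in re.split(r"[,\s]+", v),
    "ignorerhosts": lambda v: v.lower() == "no",
    "rhostsauthentication": lambda v: v.lower() == "yes",
}

def audit_sshd_config(text):
    """Return the global directives in sshd_config text that enable rhosts trust."""
    seen, findings = set(), []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()            # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":                # only the global section is audited here
            break
        if key in seen:                   # assumption: the first value read wins
            continue
        seen.add(key)
        if key in RISKY and RISKY[key](value):
            findings.append(f"{parts[0]} {value}")
    return findings

def trust_entries(text):
    """Parse .rhosts/.shosts lines into (host, user) pairs; user is None if absent."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue
        entries.append((fields[0], fields[1] if len(fields) > 1 else None))
    return entries

# Constructed sample input mirroring the settings shown in the original post.
SAMPLE_CONFIG = """\
# sshd_config (constructed sample)
Protocol 1
IgnoreRhosts no
RhostsAuthentication yes
ignorerhosts yes
"""
SAMPLE_RHOSTS = "server1 user1\n"

if __name__ == "__main__":
    for finding in audit_sshd_config(SAMPLE_CONFIG):
        print("enables rhosts trust:", finding)
    for host, user in trust_entries(SAMPLE_RHOSTS):
        print("trusted pair:", host, user)
```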