Hi,
I've released yet another unofficial release of lsh with my patches applied.
This time I've hacked publickey authentication support, and the beginnings
of an ssh proxy support.
The authorization database is not yet implemented, so the publickey
authentication module accepts _any_ authentication, which has a good
signature. This means that the equivalent of .ssh/authorized_keys, or
.ssh2/authorization is not checked, and every key is assumed to be there.
The server will print an "authentication succesful" message, but will not
let the client login. If you want, you can uncomment the line 144 in
server_publickey.c, and you'll be allowed to login. THIS IS A MAJOR SECURITY
HOLE, AND WILL ALLOW TO LOGIN TO ANY ACCOUNT ON YOUR SYSTEM WITH ANY KEY. Be
warned.
I succesfully authenticated myself using ssh2 (see my previous post about
yet another ssh2 kludge (yask)). The client side of the authentication is
not implemented yet.
btw: this snapshot can be found at
http://www.balabit.hu/downloads/lsh/lsh-0.1.5-bazsi.tar.gz
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
url: http://www.balabit.hu/pgpkey.txt
PGP signature
