Robert O'Callahan, on July 18, 2000, wrote:
: [EMAIL PROTECTED] wrote:
: > Please state why, exactly, this is the case. rhosts-rsa already
: > authenticates based on (IP, RSA-key). How is (IP, RSA-key, sport <1024)
: > any more or less secure? Either the key is secure, or it isn't. It has
: > nothing whatsoever to do with the source port.
:
: After successful rhosts-RSA authentication, the server trusts the user
: name passed to it by the client. If any client port is allowed, then any
: user who can log into the client machine could run their own SSH client
: patched to pass any desired user name. If only privileged client ports are
: allowed, then the user can only use an ssh client that has been installed
: suid root; such a client is presumably trusted to pass the correct user
: name.
:
: I suppose rhosts-RSA authentication isn't completely useless without the
: privileged-port restriction, but it's much less useful since the server
: would basically have to ignore the passed user name.

Have I understood the RFC of ssh1 incorrectly? If the client has
access to the client host's private key, doesn't it have to have
some kind of root privileges? And if so, why can't you trust that as
much as you trust it when it is connecting from a privileged port?

Unfortunately ssh1-client has to be suid root to perform this. This is
(yet another) flaw in ssh1. (FYI for those who don't know ssh2: In
ssh2, the whole packet is signed, including username and
clienthostname, so we can give the packet signing to an outside
program. The ssh2 binary doesn't need to be suid root.)

IMNSHO, the privileged port stuff is not necessary.
--
[[EMAIL PROTECTED] -- Sami J. Lehtinen -- [EMAIL PROTECTED]]
[work:+358 9 85657425][gsm:+358 50 5170 258][http://www.iki.fi/~sjl]
[SSH Communications Security Corp http://www.ssh.com/]
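
The ssh2 point in the message above (the signature covers the user name and client host name, so signing can be handed to an outside program), as an added example that is not part of the original message or of any SSH implementation. Assumptions: a constructed toy RSA key, a simplified three-field packet, hypothetical function names, and a helper that refuses to sign a user name other than its caller's.

```python
import hashlib
import struct

# Constructed toy RSA host key (two Mersenne primes): illustration only, not secure.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, readable only by the helper

def pack(*fields):
    """Length-prefix every field so field boundaries cannot be shifted."""
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)

def unpack(blob):
    fields, i = [], 0
    while i < len(blob):
        if i + 4 > len(blob):
            raise ValueError("truncated length")
        (n,) = struct.unpack_from(">I", blob, i)
        if i + 4 + n > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[i + 4:i + 4 + n])
        i += 4 + n
    if len(fields) != 3:
        raise ValueError("expected session id, client host, client user")
    return fields

def digest(blob, n):
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % n

def signing_helper(blob, caller_user, local_host):
    """Hypothetical privileged helper: signs only what is true of its caller."""
    _sid, client_host, client_user = unpack(blob)
    if client_host != local_host or client_user != caller_user:
        raise PermissionError("refusing to sign for another host or user")
    return pow(digest(blob, N), D, N)

def server_accepts(blob, signature, session_id, host_keys):
    """Return the authenticated client user name, or None if rejected."""
    try:
        sid, client_host, client_user = unpack(blob)
    except ValueError:
        return None
    key = host_keys.get(client_host)
    if sid != session_id or key is None:
        return None
    n, e = key
    # The signature covers the user name, so a changed name fails here.
    return client_user if pow(signature, e, n) == digest(blob, n) else None
```

An unprivileged client can send any bytes it likes, but the only packet it can get signed names its own user, and the server rejects a signed packet whose user name was changed afterwards.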