Bug 72298 - RhostsRSAAuthentication requires SUID bit on /usr/bin/ssh set
Status: CLOSED WONTFIX
Product: Red Hat Linux
Classification: Retired
Component: openssh
Version: 8.0
Hardware: i386 Linux
Priority: medium
Severity: low
Assigned To: Tomas Mraz
Brian Brock
Reported: 2002-08-22 16:04 EDT by Marc Schmitt
Modified: 2007-04-18 12:45 EDT
Last Closed: 2005-02-04 05:07:40 EST

Description Marc Schmitt 2002-08-22 16:04:28 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (compatible; Konqueror/3.0.0-10; Linux)

Description of problem:
I updated under RH 7.1 from openssh-3.1p1-5 to the openssh-3.4p1-2 (by rebuilding the SRPM).
hosts.equiv based RhostsRSAAuthentication would not work anymore, which was running flawlessly under 3.1p1-5.
It looks like the missing SUID bit on /usr/bin/ssh is the reason. This bit was set on earlier versions of openssh packed by RH.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. ssh <host in /etc/hosts.equiv>
 

Actual Results:
[root@xibalba101 /root]# ls -la /usr/bin/ssh
-rwxr-xr-x    1 root     root       234440 Aug 22 18:00 /usr/bin/ssh

bash-2.04$ ssh -v xibalba164
OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090600f
debug1: Reading configuration data /home/schmitt/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to xibalba164 [192.168.47.164] port 22.
debug1: Connection established.
debug1: identity file /home/schmitt/.ssh/identity type -1
debug1: identity file /home/schmitt/.ssh/id_rsa type -1
debug1: identity file /home/schmitt/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.4p1
debug1: match: OpenSSH_3.4p1 pat OpenSSH*
debug1: Local version string SSH-1.5-OpenSSH_3.4p1
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (1024 bits).
debug1: Host 'xibalba164' is known and matches the RSA1 host key.
debug1: Found key in /etc/ssh/ssh_known_hosts:131
debug1: Encryption type: 3des
debug1: Sent encrypted session key.
debug1: cipher_init: set keylen (16 -> 32)
debug1: cipher_init: set keylen (16 -> 32)
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug1: Doing password authentication.
schmitt@xibalba164's password:


Expected Results:
bash-2.04$ ssh -v xibalba164
OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090600f
debug1: Reading configuration data /home/schmitt/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to xibalba164 [192.168.47.164] port 22.
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /home/schmitt/.ssh/identity type -1
debug1: identity file /home/schmitt/.ssh/id_rsa type -1
debug1: identity file /home/schmitt/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.4p1
debug1: match: OpenSSH_3.4p1 pat OpenSSH*
debug1: Local version string SSH-1.5-OpenSSH_3.4p1
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (1024 bits).
debug1: Host 'xibalba164' is known and matches the RSA1 host key.
debug1: Found key in /etc/ssh/ssh_known_hosts:131
debug1: Encryption type: 3des
debug1: Sent encrypted session key.
debug1: cipher_init: set keylen (16 -> 32)
debug1: cipher_init: set keylen (16 -> 32)
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug1: Trying rhosts or /etc/hosts.equiv with RSA host authentication.
debug1: Remote: Accepted for xibalba101.ethz.ch [192.168.47.101] by /etc/hosts.equiv.
debug1: Received RSA challenge for host key from server.
debug1: Sending response to host key RSA challenge.
debug1: Remote: Rhosts with RSA host authentication accepted.
debug1: Rhosts or /etc/hosts.equiv with RSA host authentication accepted by server.
debug1: Requesting pty.
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: fd 3 setting TCP_NODELAY
debug1: Requesting shell.
debug1: Entering interactive session.
Last login: Thu Aug 22 21:57:17 2002 from xibalba101.ethz.ch
bash-2.04$

Additional info:

All I did between the Actual Results and Expected Results was:

chmod 4755 /usr/bin/ssh
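
The comparison made by hand in the report above, as an added example that is not part of the original report or of OpenSSH: it classifies an `ssh -v` client log by how far RhostsRSA authentication got and relates that to the setuid bit on the client binary. The function names, the temporary files and the two stand-in "binaries" are constructed for illustration; the log lines are excerpts of the debug output quoted in the report.

```shell
#!/bin/sh
# Added example: relate an `ssh -v` client log to the setuid bit on the client.

# Print how far RhostsRSA (hosts.equiv + RSA host key) authentication got.
rhosts_rsa_state() {
    if grep -q 'with RSA host authentication accepted by server' "$1"; then
        echo accepted
    elif grep -q 'Trying rhosts or /etc/hosts.equiv with RSA host' "$1"; then
        echo rejected
    else
        echo not-attempted
    fi
}

# Succeed if FILE carries the setuid bit (the 4 in mode 4755).
is_setuid() { [ -u "$1" ]; }

# diagnose LOGFILE CLIENT_BINARY: one finding line combining both checks.
diagnose() {
    state=$(rhosts_rsa_state "$1")
    if [ "$state" = not-attempted ] && ! is_setuid "$2"; then
        echo "not-attempted (client binary is not setuid)"
    else
        echo "$state"
    fi
}

# Constructed fixtures: log excerpts from the report and two empty files
# standing in for /usr/bin/ssh with mode 0755 and mode 4755.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/actual.log" <<'EOF'
debug1: Received encrypted confirmation.
debug1: Doing password authentication.
EOF
cat > "$tmp/expected.log" <<'EOF'
debug1: Received encrypted confirmation.
debug1: Trying rhosts or /etc/hosts.equiv with RSA host authentication.
debug1: Rhosts or /etc/hosts.equiv with RSA host authentication accepted by server.
EOF
: > "$tmp/ssh-0755"; chmod 0755 "$tmp/ssh-0755"
: > "$tmp/ssh-4755"; chmod 4755 "$tmp/ssh-4755"

diagnose "$tmp/actual.log" "$tmp/ssh-0755"
diagnose "$tmp/expected.log" "$tmp/ssh-4755"
```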

Comment 1 Tomas Mraz 2005-02-04 05:07:40 EST
We don't support Rhosts based authentication by default.
