From Bugzilla Helper: User-Agent: Mozilla/5.0 (compatible; Konqueror/3.0.0-10; Linux) Description of problem: I updated under RH 7.1 from openssh-3.1p1-5 to the openssh-3.4p1-2 (by rebuilding the SRPM). host.equiv based RhostsRSAAuthentication would not work anymore, which was running flawlessly under 3.1p1-5. It looks like the missing SUID bit on /usr/bin/ssh is the reason. This bit was set on earlier versions of openssh packed by RH. Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. ssh <host in /etc/hosts.equiv> Actual Results: [root@xibalba101 /root]# ls -la /usr/bin/ssh -rwxr-xr-x 1 root root 234440 Aug 22 18:00 /usr/bin/ssh bash-2.04$ ssh -v xibalba164 OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090600f debug1: Reading configuration data /home/schmitt/.ssh/config debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Rhosts Authentication disabled, originating port will not be trusted. debug1: ssh_connect: needpriv 0 debug1: Connecting to xibalba164 [192.168.47.164] port 22. debug1: Connection established. debug1: identity file /home/schmitt/.ssh/identity type -1 debug1: identity file /home/schmitt/.ssh/id_rsa type -1 debug1: identity file /home/schmitt/.ssh/id_dsa type -1 debug1: Remote protocol version 1.99, remote software version OpenSSH_3.4p1 debug1: match: OpenSSH_3.4p1 pat OpenSSH* debug1: Local version string SSH-1.5-OpenSSH_3.4p1 debug1: Waiting for server public key. debug1: Received server public key (768 bits) and host key (1024 bits). debug1: Host 'xibalba164' is known and matches the RSA1 host key. debug1: Found key in /etc/ssh/ssh_known_hosts:131 debug1: Encryption type: 3des debug1: Sent encrypted session key. debug1: cipher_init: set keylen (16 -> 32) debug1: cipher_init: set keylen (16 -> 32) debug1: Installing crc compensation attack detector. debug1: Received encrypted confirmation. debug1: Doing password authentication. schmitt@xibalba164's password: Expected Results: bash-2.04$ ssh -v xibalba164 OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090600f debug1: Reading configuration data /home/schmitt/.ssh/config debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Rhosts Authentication disabled, originating port will not be trusted. debug1: ssh_connect: needpriv 0 debug1: Connecting to xibalba164 [192.168.47.164] port 22. debug1: Connection established. debug1: read PEM private key done: type DSA debug1: read PEM private key done: type RSA debug1: identity file /home/schmitt/.ssh/identity type -1 debug1: identity file /home/schmitt/.ssh/id_rsa type -1 debug1: identity file /home/schmitt/.ssh/id_dsa type -1 debug1: Remote protocol version 1.99, remote software version OpenSSH_3.4p1 debug1: match: OpenSSH_3.4p1 pat OpenSSH* debug1: Local version string SSH-1.5-OpenSSH_3.4p1 debug1: Waiting for server public key. debug1: Received server public key (768 bits) and host key (1024 bits). debug1: Host 'xibalba164' is known and matches the RSA1 host key. debug1: Found key in /etc/ssh/ssh_known_hosts:131 debug1: Encryption type: 3des debug1: Sent encrypted session key. debug1: cipher_init: set keylen (16 -> 32) debug1: cipher_init: set keylen (16 -> 32) debug1: Installing crc compensation attack detector. debug1: Received encrypted confirmation. debug1: Trying rhosts or /etc/hosts.equiv with RSA host authentication. debug1: Remote: Accepted for xibalba101.ethz.ch [192.168.47.101] by /etc/hosts.equiv. debug1: Received RSA challenge for host key from server. debug1: Sending response to host key RSA challenge. debug1: Remote: Rhosts with RSA host authentication accepted. debug1: Rhosts or /etc/hosts.equiv with RSA host authentication accepted by server. debug1: Requesting pty. debug1: Requesting X11 forwarding with authentication spoofing. debug1: fd 3 setting TCP_NODELAY debug1: Requesting shell. debug1: Entering interactive session. Last login: Thu Aug 22 21:57:17 2002 from xibalba101.ethz.ch bash-2.04$ Additional info: All I did between the Actual Results and Expected Results was: chmod 4755 /usr/bin/ssh
We don't support Rhosts based authentication by default.