North American Network Operators Group

Re: Cisco says attacks are due to operational practices

  • From: Stephen Sprunk
  • Date: Fri Feb 11 19:23:22 2000

After a quick (<30 sec) trip to the man page, voila!

To use non-privileged ports, add to /etc/config or ~/.ssh/config:
Host *
RhostsAuthentication no
RhostsRSAAuthentication no
UsePrivilegedPort no

This disables attempting rhosts-style authentication, which any sane server
should reject anyway.  Why these are still enabled by default escapes me.

S

     |          |         Stephen Sprunk, K5SSS, CCIE #3723
    :|:        :|:        NSA, Network Consulting Engineer
   :|||:      :|||:       14875 Landmark Blvd #400; Dallas, TX
.:|||||||:..:|||||||:.    Pager: 800-365-4578 / 800-901-6078
C I S C O S Y S T E M S   Email: ssprunk@cisco.com

----- Original Message -----
From: adrian@creative.net.au
To: nanog@merit.edu
Sent: Friday, February 11, 2000 13:07
Subject: Re: Cisco says attacks are due to operational practices

It's not a bug, it's a leftover from rsh days - if the connection originates
from a port below 1024, you could assume *cough* that the credentials the
connection supplies are authentic, since the process needs to be root to
bind to ports < 1024.

This isn't a "but that's flawed!" discussion seed, take that to bugtraq.

There's a flag to ssh somewhere to stop it doing that. Yup, -P.

Adrian
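As an added example, not code from the thread or either poster, the script below audits an ssh client configuration for the three legacy options discussed above (RhostsAuthentication, RhostsRSAAuthentication, UsePrivilegedPort). It reproduces the two ssh_config rules that matter here: a Host block applies when the hostname matches one of its patterns, and the first value obtained for an option wins, so a catch-all block placed early can silently shadow a hardened block later in the file. The sample configurations are constructed for the demonstration; the snippet from the message above is used as the hardened case, and unset options are treated as enabled, matching the default-on behaviour the message complains about.

```python
"""Audit an ssh client config (ssh_config format) for the legacy rhosts /
privileged-port options. Added example; not part of the original thread.

Semantics implemented (as ssh(1) reads its config):
  * lines are 'Keyword value' or 'Keyword=value'; keywords are
    case-insensitive; '#' starts a comment;
  * 'Host pattern [pattern ...]' opens a block that applies when the
    hostname matches any pattern ('*' and '?' wildcards, '!' negates);
  * the FIRST value obtained for an option wins, so an earlier
    'Host *' block shadows later, more specific blocks.
Assumption: fnmatch is used for pattern matching; it also treats '[...]'
as a character class, which ssh does not, so such patterns are approximate.
"""
import fnmatch
from typing import Dict, List, Tuple

# Options the message says should be 'no'; unset = enabled (era default).
LEGACY_KEYS = ("rhostsauthentication", "rhostsrsaauthentication", "useprivilegedport")

# Constructed sample: the hardened snippet from the message above.
HARDENED_CFG = """\
Host *
RhostsAuthentication no
RhostsRSAAuthentication no
UsePrivilegedPort no
"""

# Constructed sample: a catch-all block earlier in the file shadows the
# hardened per-domain block, so UsePrivilegedPort stays 'yes'.
SHADOWED_CFG = """\
# global defaults (constructed)
Host *
UsePrivilegedPort yes
Host *.example.net
RhostsAuthentication no
RhostsRSAAuthentication no
UsePrivilegedPort no
"""


def parse_ssh_config(text: str) -> List[Tuple[List[str], Dict[str, str]]]:
    """Return (host_patterns, options) blocks in file order.
    Options before the first Host line go into an implicit ['*'] block."""
    blocks: List[Tuple[List[str], Dict[str, str]]] = []
    patterns, opts = ["*"], {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "host":
            blocks.append((patterns, opts))
            patterns, opts = value.split(), {}
        else:
            opts.setdefault(key, value)  # first value inside a block wins
    blocks.append((patterns, opts))
    return blocks


def host_matches(hostname: str, patterns: List[str]) -> bool:
    """Any positive pattern must match and no negated ('!') pattern may."""
    matched = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(hostname, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(hostname, pat):
            matched = True
    return matched


def effective_options(text: str, hostname: str) -> Dict[str, str]:
    """Resolve the options ssh would use for hostname: first match wins."""
    resolved: Dict[str, str] = {}
    for patterns, opts in parse_ssh_config(text):
        if host_matches(hostname, patterns):
            for key, value in opts.items():
                resolved.setdefault(key, value)
    return resolved


def legacy_auth_findings(text: str, hostname: str) -> List[str]:
    """Legacy options that are not 'no' for hostname (unset counts as enabled)."""
    eff = effective_options(text, hostname)
    return [k for k in LEGACY_KEYS if eff.get(k, "yes").lower() != "no"]


if __name__ == "__main__":
    for name, cfg in (("hardened", HARDENED_CFG), ("shadowed", SHADOWED_CFG)):
        print(name, "->", legacy_auth_findings(cfg, "router.example.net") or "clean")
```

Run it against a real ~/.ssh/config by reading the file into `legacy_auth_findings` with the hostname you actually connect to; the shadowed sample shows why checking the resolved value for a specific host is more reliable than grepping for the keyword.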
