Re: Passwordless connection to ssh-nonfree 1.2.27
Umm... Unless you have some reason to be running that version
of SSH instead of ssh2 or openssh (ssh) I wouldn't... I'm in the process
of doing a post-mortem on a harddrive of a friend's computer in which we
believe ssh 1.2.27 was the way they got in as it was one of the very few
ports that was port forwarded into this machine... SSH protocol 1 has
had a root exploit vulnerability out for awhile now... Incidently my
friends computer was a RedHat box as well...
If you must run that version check your settings for
IgnoreRhosts, IgnoreUserRhosts, RhostsRSAAuthentication and
RSAAuthentication... Also for it to work both host and client need to be
in known_hosts on both sides IIRC... Honestly SSH2's publickey or
hostbased authentication might be an easier choice...
Jeremy
On Tue, Feb 26, 2002 at 10:45:56AM +0200, Danie Roux wrote:
> I'm trying to do key authentication between the current unstable openssh
> and a remote box running RedHat and the following version of
> ssh-nonfree:
>
> SSH Version 1.2.27, protocol version 1.5
>
> Regular logins work. I want to login without using a password.
>
> This is what I've done:
>
> I've enabled ssh1 support by "dpkg-reconfigure ssh"
> On my Debian machine I generated a ssh1 key without a passphrase.
> I then copied the identity.pub to the RedHat machine and renamed it to
> ~/.ssh/authorized_keys.
>
> I would think by this time I should just be able to ssh there and get
> logged in automatically. Doesn't work.
>
> So I tried
>
> ssh -1 -i ~/.ssh/identity
>
> And it also doesn't work.
>
> Any ideas?
>
Reply to: