[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Package organization issue...



> --ibTvN161/egqYuK8
> Content-Type: text/plain; charset=us-ascii
> 
> On May 1, Mark Eichin wrote
> > 
> > > Well, what really should happen is login should have an option
> > > that means "authentication already happened".  Running login as
> > 
> > "login -f" ... usually used by rlogind and the like... and sometimes
> > it's even done right.  But it's not that portable, and it's always an
> > "interesting" problem...
> 
> ... which is why ssh, among other programs, doesn't use it.

This is something that comes up occasionally on the ssh list, because it seems like a good idea, but turns out not to be.

The problem with this approach is that login does not allow you to issue a command, so you cannot use ssh+login for anything but interactive logins.  This also stops scp working.  Also, many versions of login insist on cleaning up the environment which breaks the ssh-auth and X forwarding.

So you fix that by opening a back door --- Interactive ssh logins call login -f, and everything else uses ssh's default behavior.

That is no good because then people can subvert the system, thus:

   ssh -t host /bin/sh -i

So all you are left with is a warm cuddly feeling, and no improvement over using ssh as it is.  In fact you are worse off, because you are relying upon login to enforce some policy, and it is not enforcing it.

It is rumoured that ssh-2.0 will include support for PAM, which would sort this out, but otherwise I don't think it is worthwhile.

Cheers, Phil.


Attachment: pgpspItUOnauS.pgp
Description: PGP signature


Reply to: