
Re: ssh problems with {master,va}.debian.org???



On Tue, May 23, 2000 at 11:38:29AM -0400, Clint Adams wrote:
> Why is PARANOID entirely irrelevant for ssh?

Having checked the documentation, I concede that "entirely" is not
accurate.  One can force sshd to allow "vanilla" rhosts
authentication (the RhostsAuthentication configuration parameter),
which may be (more easily) spoofed without PARANOID.  However, this
is disabled by default, and any sane person wanting this
functionality would instead use RhostsRSAAuthentication, which is
not spoofable with DNS tricks.  RhostsRSAAuthentication is what I
had in mind when I said PARANOID is irrelevant.

So, the admins of the Debian machines that started this discussion
should confirm that RhostsAuthentication is disabled, and turn off
PARANOID for sshd.

Andrew

-- 
Where is the innovation?  Microsoft, mostly.
- Rob Pike, "Systems Software Research is Irrelevant"
  http://www.cs.bell-labs.com/cm/cs/who/rob/utah2000.ps
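
One way to run the check the message recommends, as an added example that is not part of the original post: a small parser that reports the effective RhostsAuthentication and RhostsRSAAuthentication settings in an sshd configuration. The function names and sample configurations are constructed, and it assumes the first occurrence of a keyword wins (as in OpenSSH's sshd_config) and that keywords and values are separated by whitespace or "=".

```python
import re

# Default taken from the message above: plain rhosts authentication is
# disabled unless the configuration turns it on.
DEFAULTS = {"rhostsauthentication": "no"}


def effective_settings(config_text):
    """Return {keyword: value} with both lower-cased.

    Assumption: the first occurrence of a keyword wins (OpenSSH behaviour);
    adjust if your sshd resolves duplicate keywords differently.
    """
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) != 2 or not parts[1].strip():
            continue  # keyword without a value
        key = parts[0].lower()
        value = parts[1].split()[0].lower()
        settings.setdefault(key, value)  # keep the first value seen
    return settings


def audit(config_text):
    """Summarise the two rhosts-related settings discussed in the thread."""
    merged = {**DEFAULTS, **effective_settings(config_text)}
    plain = merged["rhostsauthentication"] == "yes"
    return {
        "plain_rhosts_enabled": plain,
        # None means the keyword is absent and the build default applies.
        "rhosts_rsa": merged.get("rhostsrsaauthentication"),
        "ok": not plain,
    }


# Constructed sample configurations, not taken from any real host.
SAMPLE_RISKY = "RhostsAuthentication yes\nRhostsAuthentication no\n"
SAMPLE_SAFE = "#RhostsAuthentication yes\nRhostsRSAAuthentication = yes\n"

if __name__ == "__main__":
    for name, cfg in (("risky", SAMPLE_RISKY), ("safe", SAMPLE_SAFE)):
        print(name, audit(cfg))
```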


