[27315] in North American Network Operators' Group
Re: Cisco says attacks are due to operational practices
daemon@ATHENA.MIT.EDU (Stephen Sprunk)
Fri Feb 11 19:21:52 2000
Message-ID: <026601bf74ee$a1305140$6e2544ab@cisco.com>
From: "Stephen Sprunk" <ssprunk@cisco.com>
To: <adrian@creative.net.au>
Cc: <nanog@merit.edu>
Date: Fri, 11 Feb 2000 17:56:23 -0600
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Errors-To: owner-nanog-outgoing@merit.edu
After a quick (<30 sec) trip to the man page, voila!
To use non-privileged ports, add to /etc/config or ~/.ssh/config:
Host *
    RhostsAuthentication no
    RhostsRSAAuthentication no
    UsePrivilegedPort no
This disables attempting rhosts-style authentication, which any sane server
should reject anyways. Why these are still enabled by default escapes me.
S
Stephen Sprunk, K5SSS, CCIE #3723
NSA, Network Consulting Engineer
14875 Landmark Blvd #400; Dallas, TX
Pager: 800-365-4578 / 800-901-6078
Cisco Systems, Email: ssprunk@cisco.com
----- Original Message -----
From: adrian@creative.net.au
To: nanog@merit.edu
Sent: Friday, February 11, 2000 13:07
Subject: Re: Cisco says attacks are due to operational practices
It's not a bug, it's a leftover from rsh days - if the connection originates
from a port below 1024, you could assume *cough* that the credentials the
connection supplies are authentic, since the process needs to be root to
bind to ports < 1024.
This isn't a "but that's flawed!" discussion seed, take that to bugtraq.
There's a flag to ssh somewhere to stop it doing that. Yup, -P.
Adrian
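As an added illustration (not code from either poster), the resolver below parses an ssh_config file with the "first obtained value wins" rule and reports whether the three options from Stephen's snippet are still enabled for a given host. The sample config is constructed, and the "yes" fallback for an option a config never sets is an assumption taken from his remark that these are enabled by default.

```python
import fnmatch

# Constructed ssh_config: hardened "Host *" first, then a block trying to undo it.
SAMPLE_CONFIG = """\
Host *
    RhostsAuthentication no
    RhostsRSAAuthentication no
    UsePrivilegedPort no
Host legacy.example.net
    UsePrivilegedPort yes
"""

# Options the thread discusses; the mail says they ship enabled by default,
# so "yes" is the assumed fallback for an option a config never sets.
WATCHED = {
    "rhostsauthentication": "yes",
    "rhostsrsaauthentication": "yes",
    "useprivilegedport": "yes",
}

def parse_ssh_config(text):
    """Yield (host_patterns, {option: value}) blocks in file order."""
    patterns, opts = ["*"], {}  # options before any Host line apply to all hosts
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        key, *rest = line.split(None, 1)
        value = rest[0].strip() if rest else ""
        if key.lower() == "host":
            yield patterns, opts
            patterns, opts = value.split(), {}
        else:
            opts[key.lower()] = value
    yield patterns, opts

def effective_options(text, hostname):
    """Resolve WATCHED as ssh does: the first value obtained for an option wins,
    so a later, more specific block cannot undo an earlier "Host *" setting.
    Negated (!) host patterns are not handled."""
    seen = {}
    for patterns, opts in parse_ssh_config(text):
        if any(fnmatch.fnmatchcase(hostname, p) for p in patterns):
            for key, value in opts.items():
                seen.setdefault(key, value.lower())
    return {k: seen.get(k, default) for k, default in WATCHED.items()}

def weak_settings(text, hostname):
    """Watched options still enabled for hostname; an empty list means hardened."""
    return sorted(k for k, v in effective_options(text, hostname).items() if v != "no")
```

Because the first value wins, putting the `Host *` block at the top of the file pins the three options for every host, which is why the later `legacy.example.net` block in the sample has no effect.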