


AIX rlogin=false ....Does this have to be set to "true" in order for SSH to work ?

Is it possible to enable SSH logins while "rlogin=false"  ???? Probably a
stupid question but with all the configuration options of I thought I'd ask.




5/9/2004 7:03:52 PM

In article <UPCdnYef8ZgKHQPdRVn-gw@comcast.com>,
news.comcast.giganews.com <riverupdude@comcast.net> wrote:
>Is it possible to enable SSH logins while "rlogin=false"  ???? Probably a
>stupid question but with all the configuration options of I thought I'd ask.

Only if you modify sshd.  If you want to do this, edit auth.c, search
for the "loginrestrictions" call and change S_RLOGIN to S_LOGIN then
recompile.  This will make sshd check for the "login" attribute rather
than the "rlogin" attribute.

Your other option is to disable *all* the AIX-specific checks (which
includes lockout, password/account expiry as well as the login attribute
checks).  If you want to do this, edit config.h after running configure
and comment out "#define WITH_AIXAUTHENTICATE 1" then rebuild everything
("make clean && make").  Note that this may also disable some non-local
authentication types (eg LDAP), but I'm not sure of that.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
dtucker (551)
5/10/2004 2:08:30 AM
Darren,

Am I to understand that there is NO way other than to recompile SSHD to
disable the internal auth. checks?  We ARE looking to leave the AIX
security settings login=false and rlogin=false intact, thus not allowing this
user to login using any method other than SSH. Since we have the
hostbased authentication in place for this user (which works currently only
when login=false and  rlogin=true) I am looking for a procedure that will
simply allow us to set rlogin=false.

If we are forced to recompile OpenSSHd, does anything have to be done on the
client ? Is the source available via OpenSSH.org ?  (Sorry I haven't looked
and thought I'd ask here :-))

Thanks in advance !!


"Darren Tucker" <dtucker@dodgy.net.au> wrote in message
news:c7mo6u$3ah$1@gate.dodgy.net.au...
> In article <UPCdnYef8ZgKHQPdRVn-gw@comcast.com>,
> news.comcast.giganews.com <riverupdude@comcast.net> wrote:
> >Is it possible to enable SSH logins while "rlogin=false"  ???? Probably a
> >stupid question but with all the configuration options of I thought I'd ask.
>
> Only if you modify sshd.  If you want to do this, edit auth.c, search
> for the "loginrestrictions" call and change S_RLOGIN to S_LOGIN then
> recompile.  This will make sshd check for the "login" attribute rather
> than the "rlogin" attribute.
>
> Your other option is to disable *all* the AIX-specific checks (which
> includes lockout, password/account expiry as well as the login attribute
> checks).  If you want to do this, edit config.h after running configure
> and comment out "#define WITH_AIXAUTHENTICATE 1" then rebuild everything
> ("make clean && make").  Note that this may also disable some non-local
> authentication types (eg LDAP), but I'm not sure of that.
>
> -- 
> Darren Tucker (dtucker at zip.com.au)
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
>     Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.


5/10/2004 4:58:41 PM
In article <pPidnbgOzNxfKQLd4p2dnA@comcast.com>,
news.comcast.giganews.com <riverupdude@comcast.net> wrote:
>Am I to understand that there is NO way other than to recompile SSHD to
>disable the internal auth. checks?

Correct.  There's no run-time option to disable those, and in most cases
they do the right thing.

>We ARE looking to leave the AIX
>security settings login=false and rlogin=false intact, thus not allowing this
>user to login using any method other than SSH. Since we have the
>hostbased authentication in place for this user (which works currently only
>when login=false and  rlogin=true) I am looking for a procedure that will
>simply allow us to set rlogin=false.

In that case I think you would need to replace the loginrestrictions
parameter "S_RLOGIN" with "0", but I haven't tested that.

>If we are forced to recompile OpenSSHd, does anything have to be done on the
>client?

No.

>Is the source available via OpenSSH.org ?  (Sorry I haven't looked
>and thought I'd ask here :-))

Yes.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
dtucker (551)
5/11/2004 12:59:44 AM
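
Added example (not part of the thread, and not OpenSSH code): a small audit that reads a stanza file in /etc/security/user format and reports each account's effective "login" and "rlogin" attributes, flagging the accounts that would fail the "rlogin" attribute check the replies above describe. The account names and the sample file are constructed, and the script assumes only the literal value "false" denies access.

```shell
#!/bin/sh
# Added example: audit the "login"/"rlogin" attributes discussed in the thread.
# The sample data below is constructed; on AIX the real file is
# /etc/security/user.

# Print one line per account with its effective attributes.
# $1: stanza file in /etc/security/user format (that path is the default).
audit_rlogin() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    # A value set in the user stanza wins; otherwise fall back to "default:".
    function eff(u, k) {
        if ((u, k) in attr) return attr[u, k]
        if (("default", k) in attr) return attr["default", k]
        return "unset"
    }
    /^[ \t]*\*/ || /^[ \t]*$/ { next }          # comment lines and blanks
    /^[^ \t=]+:[ \t]*$/ {                       # stanza header, e.g. "root:"
        user = $1; sub(/:$/, "", user)
        if (!(user in seen)) { seen[user] = 1; order[++n] = user }
        next
    }
    user != "" && index($0, "=") > 0 {          # "attribute = value" line
        eq = index($0, "=")
        key = trim(substr($0, 1, eq - 1))
        if (key == "login" || key == "rlogin")
            attr[user, key] = trim(substr($0, eq + 1))
    }
    END {
        for (i = 1; i <= n; i++) {
            u = order[i]
            if (u == "default") continue
            r = eff(u, "rlogin")
            # Assumption: only the literal value "false" fails the check.
            printf "%s login=%s rlogin=%s rlogin_check=%s\n", \
                u, eff(u, "login"), r, (r == "false" ? "fail" : "pass")
        }
    }' "${1:-/etc/security/user}"
}

# Write a constructed sample file to $1 (account names are hypothetical).
write_sample() {
    cat > "$1" <<'EOF'
* constructed sample in /etc/security/user stanza format
default:
    login = true
    rlogin = true

batchusr:
    login = false
    rlogin = true

svcacct:
    login = false
    rlogin = false

oper:
    admin = false
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_rlogin "$sample"
rm -f "$sample"
```

On a live AIX host, `lsuser -a login rlogin <user>` reports the same two attributes for a single account.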