#64388 root logins with {,s}hosts.equiv...

#64388#5
Date:
2000-05-19 22:11:27 UTC
From:
To:
Sometimes it's desirable to allow root to log in with hosts.equiv;
currently this requires .[rs]hosts files (which requires that users'
.[rs]hosts files be enabled as well).  The following patch allows root
login with {,s}hosts.equiv to be turned on with a 'HostsEquivRootOK'
option in sshd_config.
							- Tom

diff -C 3 openssh-1.2.3.orig/auth-rhosts.c openssh-1.2.3/auth-rhosts.c
*** openssh-1.2.3.orig/auth-rhosts.c	Mon Dec 27 04:54:55 1999
--- openssh-1.2.3/auth-rhosts.c	Fri May 19 12:52:32 2000
***************
*** 184,190 ****
  	ipaddr = get_remote_ipaddr();

  	/* If not logging in as superuser, try /etc/hosts.equiv and shosts.equiv. */
! 	if (pw->pw_uid != 0) {
  		if (check_rhosts_file("/etc/hosts.equiv", hostname, ipaddr, client_user,
  				      pw->pw_name)) {
  			packet_send_debug("Accepted for %.100s [%.100s] by /etc/hosts.equiv.",
--- 184,190 ----
  	ipaddr = get_remote_ipaddr();

  	/* If not logging in as superuser, try /etc/hosts.equiv and shosts.equiv. */
! 	if (options.hosts_equiv_rootok || pw->pw_uid != 0) {
  		if (check_rhosts_file("/etc/hosts.equiv", hostname, ipaddr, client_user,
  				      pw->pw_name)) {
  			packet_send_debug("Accepted for %.100s [%.100s] by /etc/hosts.equiv.",
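Review bot: The new test `if (options.hosts_equiv_rootok || pw->pw_uid != 0)` extends host-based trust to uid 0, but nothing in this hunk shows whether the client host was verified by host key first. If this function is also reached for plain RhostsAuthentication (its callers are not visible here), a root login would rest on the client's address and hostname alone. That should at least be documented next to the option, and a root acceptance via the equiv files should be logged distinctly so it can be audited. The comment above the test is now stale as well; something like `/* Try /etc/hosts.equiv and shosts.equiv; for root only if HostsEquivRootOK is set. */` would match the new behaviour. The function body starts and ends outside this hunk.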
diff -C 3 openssh-1.2.3.orig/servconf.c openssh-1.2.3/servconf.c
*** openssh-1.2.3.orig/servconf.c	Fri May 19 13:58:51 2000
--- openssh-1.2.3/servconf.c	Fri May 19 12:25:31 2000
***************
*** 48,53 ****
--- 48,54 ----
  	options->log_level = (LogLevel) - 1;
  	options->rhosts_authentication = -1;
  	options->rhosts_rsa_authentication = -1;
+ 	options->hosts_equiv_rootok = -1;
  	options->rsa_authentication = -1;
  #ifdef KRB4
  	options->kerberos_authentication = -1;
***************
*** 113,118 ****
--- 114,121 ----
  		options->rhosts_authentication = 0;
  	if (options->rhosts_rsa_authentication == -1)
  		options->rhosts_rsa_authentication = 0;
+ 	if (options->hosts_equiv_rootok == -1)
+ 		options->hosts_equiv_rootok = 0;
  	if (options->rsa_authentication == -1)
  		options->rsa_authentication = 1;
  #ifdef KRB4
***************
*** 162,168 ****
  	sPrintMotd, sPrintLastLog, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
  	sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail,
  	sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
! 	sIgnoreUserKnownHosts
  } ServerOpCodes;

  /* Textual representation of the tokens. */
--- 165,171 ----
  	sPrintMotd, sPrintLastLog, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
  	sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail,
  	sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
! 	sIgnoreUserKnownHosts, sHostsEquivRootOK
  } ServerOpCodes;

  /* Textual representation of the tokens. */
***************
*** 180,185 ****
--- 183,189 ----
  	{ "loglevel", sLogLevel },
  	{ "rhostsauthentication", sRhostsAuthentication },
  	{ "rhostsrsaauthentication", sRhostsRSAAuthentication },
+ 	{ "hostsequivrootok", sHostsEquivRootOK },
  	{ "rsaauthentication", sRSAAuthentication },
  #ifdef KRB4
  	{ "kerberosauthentication", sKerberosAuthentication },
***************
*** 414,419 ****
--- 418,427 ----

  		case sRhostsRSAAuthentication:
  			intptr = &options->rhosts_rsa_authentication;
+ 			goto parse_flag;
+
+ 		case sHostsEquivRootOK:
+ 			intptr = &options->hosts_equiv_rootok;
  			goto parse_flag;

  		case sRSAAuthentication:
diff -C 3 openssh-1.2.3.orig/servconf.h openssh-1.2.3/servconf.h
*** openssh-1.2.3.orig/servconf.h	Fri May 19 13:58:51 2000
--- openssh-1.2.3/servconf.h	Fri May 19 12:26:42 2000
***************
*** 54,59 ****
--- 54,61 ----
  					 * authentication. */
  	int     rhosts_rsa_authentication;	/* If true, permit rhosts RSA
  						 * authentication. */
+ 	int     hosts_equiv_rootok;	/* If true, permit [rs]hosts.equiv
+ 						 * authentication for root. */
  	int     rsa_authentication;	/* If true, permit RSA authentication. */
  #ifdef KRB4
  	int     kerberos_authentication;	/* If true, permit Kerberos
diff -C 3 openssh-1.2.3.orig/sshd_config openssh-1.2.3/sshd_config
*** openssh-1.2.3.orig/sshd_config	Fri May 19 13:58:51 2000
--- openssh-1.2.3/sshd_config	Fri May 19 13:50:15 2000
***************
*** 28,33 ****
--- 28,36 ----
  # For this to work you will also need host keys in /etc/ssh_known_hosts
  RhostsRSAAuthentication no
  #
+ # Normally {,s}hosts.equiv access doesn't apply to root
+ #HostsEquivRootOK yes
+
  RSAAuthentication yes

  # To disable tunneled clear text passwords, change to no here!
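Review bot: The commented example `#HostsEquivRootOK yes` shows the non-default value, while servconf.c defaults the option to 0, so an admin skimming the file may read it as the default or uncomment it without seeing the consequence. Shipping the explicit safe setting, `HostsEquivRootOK no`, would match the neighbouring `RhostsRSAAuthentication no` line. The comment should also state the effect, e.g. `# Setting this to yes lets hosts trusted via {,s}hosts.equiv log in as root.` The patch as shown does not touch the sshd manual page, so the option would otherwise be documented only here.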

#64388#10
Date:
2025-06-03 12:31:22 UTC
From:
To:
Closing this ticket because it is outdated and there has been no activity.
No activity also means no interest from either the maintainer or the
reporter. The package might not be actively maintained anymore.

This is done in the interest of the Debian GNU/Linux project, because
keeping tickets of that age open without any activity, decision, or
action taken harms the project.

Feel free to re-open or open a fresh report.