Secure Shell - Rhosts authentication

Conventional .rhosts and hosts.equiv based authentication mechanisms are fundamentally insecure due to IP, DNS (domain name server) and routing spoofing attacks. Additionally this authentication method relies on the integrity of the client machine. These weaknesses is tolerable, and been known and exploited for a long time.

Ssh provides an improved version of these types of authentication, because they are very convenient for the user (and allow easy transition from rsh and rlogin). It permits these types of authentication, but additionally requires that the client host be authenticated using RSA.

The server has a list of host keys stored in /etc/ssh_known_host, and additionally each user has host keys in $HOME/.ssh/known_hosts. Ssh uses the name servers to obtain the canonical name of the client host, looks for its public key in its known host files, and requires the client to prove that it knows the private host key. This prevents IP and routing spoofing attacks (as long as the client machine private host key has not been compromised), but is still vulnerable to DNS attacks (to a limited extent), and relies on the integrity of the client machine as to who is requesting to log in. This prevents outsiders from attacking, but does not protect against very powerful attackers. If maximal security is desired, only RSA authentication should be used.

It is possible to enable conventional .rhosts and /etc/hosts.equiv authentication (without host authentication) at compile time by giving the option --with-rhosts to configure. However, this is not recommended, and is not done by default.

These weaknesses are present in rsh and rlogin. No improvement in security will be obtained unless rlogin and rsh are completely disabled (commented out in /etc/inetd.conf). This is highly recommended.


Back to Info Page

Last modification: 12. 2. 1997 by Jiri Klouda