SSH authentication bypass?

Mark Komarinski mkomarinski at wayga.org
Wed Jun 25 11:31:21 EDT 2014 

HPN SSH (patches to boost ssh performance) allows for no encryption of the data stream but IIRC the authentication is encrypted.  That doesn't bypass authentication so this may not be related

On Jun 25, 2014 11:23 AM, Joshua Judson Rosen <rozzin at geekspace.com> wrote:
>
> Having sshd manage auth using PKI is not what I'm looking for;
> supposedly there is a "none" auth-type that SSH can use,
> which means that SSH is just giving you an encrypted stream
> and the shell running at the end of the link is responsible
> for actually prompting for login credentials and authenticating
> (similarly to using SSL telnet, since telnetd doesn't actually
> manage logins, it just execs a "login" command and hooks
> its stdio up to the socket that goes back to the client).
>
> Glancing at the code in OpenSSH 6.0 (client and server), it looks like
> the OpenSSH client can be made to request "none" auth; and there are at
> least some *vestiges* of support for "none" auth in the server--
> like all of the code in auth2-none.c, and this comment in auth2.c:
>
>         /* Allow initial try of "none" auth without failure penalty */
>
> (I also see that there's another `hidden auth mode' called "J-PAKE",
> which looks interesting but is also probably not what I want).
>
> From what little documentation I see on sshd's ChallengeResponseAuthentication
> option, it seems like that might let me do this... but only if I
> implement the authenticating end as a PAM module rather than something
> like a "login command"...
>
> Help!?
>
> Do I `just' need to patch sshd to actually accept "none" auth?
>
> -- 
> "'tis an ill wind that blows no minds."
>
> John Feole <jfeole at gmail.com> writes:
> >
> > I'm a little rusty, but i usedmto admin Solaris machines using keys with
> > winders client using something like this doc:
> >
> > http://www.tonido.com/blog/index.php/2009/02/20/
> > ssh-without-password-using-putty/#.U6oG7JHD8b0
> >
> > Regards,
> > jfeole
> >
> > On Jun 24, 2014 5:21 PM, "Joshua Judson Rosen" <rozzin at geekspace.com> wrote:
> >
> >     Poking around in PuTTY..., there's an SSH auth setting labeled:
> >    
> >            Bypass authentication entirely (SSH-2 only)
> >    
> >     I have an application where that'd be great;
> >     how the heck do I configure sshd to let that work?
> >    
> >     --
> >     "'tis an ill wind that blows no minds."
> >     _______________________________________________
> >     gnhlug-discuss mailing list
> >     gnhlug-discuss at mail.gnhlug.org
> >     http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
> >
> >
> > _______________________________________________
> > gnhlug-discuss mailing list
> > gnhlug-discuss at mail.gnhlug.org
> > http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
>
> _______________________________________________
> gnhlug-discuss mailing list
> gnhlug-discuss at mail.gnhlug.org
> http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/

More information about the gnhlug-discuss mailing list