SSH authentication bypass?

Tom Buskey tom at buskey.name
Wed Jun 25 14:48:36 EDT 2014


Older versions of SSH (v1?) from SSH Inc let you specify noop or xor as
the encryption method in a similar way.  It could speed up the transfer
quite a bit.




On Wed, Jun 25, 2014 at 11:31 AM, Mark Komarinski <mkomarinski at wayga.org>
wrote:

> HPN SSH (patches to boost ssh performance) allows for no encryption of the
> data stream but IIRC the authentication is encrypted.  That doesn't bypass
> authentication so this may not be related.
>
> On Jun 25, 2014 11:23 AM, Joshua Judson Rosen <rozzin at geekspace.com>
> wrote:
> >
> > Having sshd manage auth using PKI is not what I'm looking for;
> > supposedly there is a "none" auth-type that SSH can use,
> > which means that SSH is just giving you an encrypted stream
> > and the shell running at the end of the link is responsible
> > for actually prompting for login credentials and authenticating
> > (similarly to using SSL telnet, since telnetd doesn't actually
> > manage logins, it just execs a "login" command and hooks
> > its stdio up to the socket that goes back to the client).
> >
> > Glancing at the code in OpenSSH 6.0 (client and server), it looks like
> > the OpenSSH client can be made to request "none" auth; and there are at
> > least some *vestiges* of support for "none" auth in the server--
> > like all of the code in auth2-none.c, and this comment in auth2.c:
> >
> >         /* Allow initial try of "none" auth without failure penalty */
> >
> > (I also see that there's another `hidden auth mode' called "J-PAKE",
> > which looks interesting but is also probably not what I want).
> >
> > From what little documentation I see on sshd's ChallengeResponseAuthentication
> > option, it seems like that might let me do this... but only if I
> > implement the authenticating end as a PAM module rather than something
> > like a "login command"...
> >
> > Help!?
> >
> > Do I `just' need to patch sshd to actually accept "none" auth?
> >
> > --
> > "'tis an ill wind that blows no minds."
> >
> > John Feole <jfeole at gmail.com> writes:
> > >
> > > I'm a little rusty, but I used to admin Solaris machines using keys with
> > > winders client using something like this doc:
> > >
> > > http://www.tonido.com/blog/index.php/2009/02/20/ssh-without-password-using-putty/#.U6oG7JHD8b0
> > >
> > > Regards,
> > > jfeole
> > >
> > > On Jun 24, 2014 5:21 PM, "Joshua Judson Rosen" <rozzin at geekspace.com> wrote:
> > >
> > >     Poking around in PuTTY..., there's an SSH auth setting labeled:
> > >
> > >            Bypass authentication entirely (SSH-2 only)
> > >
> > >     I have an application where that'd be great;
> > >     how the heck do I configure sshd to let that work?
> > >
> > >     --
> > >     "'tis an ill wind that blows no minds."
> > >     _______________________________________________
> > >     gnhlug-discuss mailing list
> > >     gnhlug-discuss at mail.gnhlug.org
> > >     http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
>
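
An added illustration, not part of the original thread and not OpenSSH code: the "none" exchange discussed in the quoted messages, at the packet level defined by RFC 4252. A client's initial "none" request normally gets back the list of methods that can continue, and succeeds only when the server requires no authentication for that user; the `passwordless_users` parameter and the default method list are assumptions of this toy model, which handles only the "none" probe.

```python
import struct

# Message numbers from RFC 4252
USERAUTH_REQUEST, USERAUTH_FAILURE, USERAUTH_SUCCESS = 50, 51, 52

def ssh_string(data: bytes) -> bytes:
    """SSH 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data

def read_string(buf: bytes, off: int):
    """Return (bytes, new_offset); reject lengths that run past the buffer."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("string length exceeds payload")
    return buf[off + 4:end], end

def build_none_request(user: str) -> bytes:
    """Client side: USERAUTH_REQUEST with method 'none' (no method-specific fields)."""
    return (bytes([USERAUTH_REQUEST]) + ssh_string(user.encode())
            + ssh_string(b"ssh-connection") + ssh_string(b"none"))

def server_reply(request: bytes, passwordless_users=frozenset(),
                 methods=("publickey", "password")) -> bytes:
    """Server side: answer a 'none' probe as RFC 4252 section 5.2 describes."""
    if not request or request[0] != USERAUTH_REQUEST:
        raise ValueError("not a USERAUTH_REQUEST")
    user, off = read_string(request, 1)
    _service, off = read_string(request, off)
    method, off = read_string(request, off)
    if method == b"none" and user.decode("utf-8", "replace") in passwordless_users:
        return bytes([USERAUTH_SUCCESS])
    # name-list of methods that can continue, then partial-success = FALSE;
    # "none" itself is never advertised in this list.
    return bytes([USERAUTH_FAILURE]) + ssh_string(",".join(methods).encode()) + b"\x00"

def parse_reply(reply: bytes):
    """Return ('success', []) or ('failure', [methods that can continue])."""
    if reply[:1] == bytes([USERAUTH_SUCCESS]):
        return "success", []
    if reply[:1] != bytes([USERAUTH_FAILURE]):
        raise ValueError("unexpected message")
    names, _ = read_string(reply, 1)
    return "failure", names.decode().split(",") if names else []
```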