On 29/08/2019 20:34, Anton Aylward wrote:
On 29/08/2019 16:06, Lew Wolfgang wrote:
I don't believe that you can use "none" in sshd without enabling it in source and recompiling. There are some patches that do this, but still require recompilation. That's always an option I guess...
Please see https://tools.ietf.org/html/rfc4252#page-7
If you run ssh -Q cipher to see what you have, you will NOT see 'none' liisted there. This is in accordance with the spec:
5.2. The "none" Authentication Request ... This 'method name' MUST NOT be listed as supported by the server.
But it might well be there, and the rest of that stanza says:
A client may request a list of authentication 'method name' values that may continue by using the "none" authentication 'method name'.
If no authentication is needed for the user, the server MUST return SSH_MSG_USERAUTH_SUCCESS.
More from the spec: Authentication methods are identified by their name, as defined in [SSH-ARCH]. The "none" method is reserved, and MUST NOT be listed as supported. However, it MAY be sent by the client. The server MUST always reject this request, *unless* the client is to be granted access without any authentication, in which case, the server MUST accept this request. -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org