2
2
Please tell me, is there a ssh server with this unusual capability? Or I would have to edit the source code of openssh-server and recompile?
Jake Badlands
Posted 2013-07-19T10:33:30.350
Reputation: 125
Alternative ssh server - which is possible to configure to allow all connections without authentification?
Answers
1
Have all the users run this from their local machines:
([ -f ~/.ssh/id_rsa.pub ] || ssh-keygen -t rsa ) && (ssh user@example.com "([ -d ~/.ssh ]||mkdir -m 700 ~/.ssh) && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys" < ~/.ssh/id_rsa.pub)
Replacing "user@example" with their username and the board's hostname or IP address.
Since you're having troubles with public key authentication, you can try lsh. lshd, the lsh SSH server, has an experimental option --login-auth-mode to bypass user authentication. See the manual for more information.
Unfortunately, I have a major problem with authorized keys: they simply do not work for this board, no matter what I do. The solution is still unknown, so I would like to disable ssh security at all for a while – Jake Badlands – 2013-07-19T10:47:09.433
1Sorry, I posted this answer before your comment arrived in the question above. – None – 2013-07-19T10:49:18.050
1Edited to include info on lsh, though I still think that the original problem that you should have been pursuing is the inability to use public key authentication; hence, this was an XY problem afterall. – None – 2013-07-19T13:10:19.037
0
authentication without password is a choice ( rather poor one ) that you make and would be achieved by tweaking the config file of your server (ssh openssh or ....) I will recommend you to use MOSH; which is a new generation openSSH. you can read all about it at mosh-disc
r004
Posted 2013-07-19T10:33:30.350
Reputation: 101
From the comments under the question it seems that it is not possible to disable authentication on the OpenSSH daemon by tweaking the configuration. Are you sure that MOSH allows this? If yes could you please add more details? ------ It seems that the major benefits of MOSH are a new protocol running on UDP and a predictive local echo. ------- I have not noticed any changes in user authentication in MOSH. In fact it seems that MOSH uses standard SSH for user authentication. Please see http://mosh.mit.edu/#about .
– pabouk – 2013-12-10T09:00:35.580pabouk; I don't now what you exaclty mean when you say "disable authentication". if you mean what i think you mean just set PasswordAuthentication no in your sshd_config file and you are golden. – r004 – 2013-12-11T13:32:54.940
"disable authentication" - Is not it what is the question about - to configure sshd to not require authentication? --- It is always good to check the comments and other answers before answering. Here is the relevant comment for the PasswordAuthentication option: http://superuser.com/questions/621719/alternative-ssh-server-which-is-possible-to-configure-to-allow-all-connections/686233?noredirect=1#comment772963_621719 If PasswordAuthentication no works for you then please let us know.
0
Assuming you're using some sort of unix that relies on PAM, removing all the auth entries for the PAM configuration that ssh uses should do this. Remember to set UsePAM to "yes" in your sshd_config.
But this is a really bad idea; no matter what your justifications are.
bizzyunderscore
Posted 2013-07-19T10:33:30.350
Reputation: 11
1
Something smells fishy. Is this what you really want to do or is it towards some other end. For example, do you really want anyone to connect, or is it the "without authentication" part that you want? Why? See: XY problem
– None – 2013-07-19T10:37:05.097@BrandonInvergo I want everyone to be able to connect to the development Linux board without any passwords and authentifications: so, when somebody types "ssh username@hostname" of this board, they connect instantly. Since this board is visible only in small local wired subnetwork which does not have Internet at all, I do not see any threat to my security – Jake Badlands – 2013-07-19T10:41:22.437
@BrandonInvergo For that, I need to install alternative ssh server (or modified openssh-server) to development board, but I dont know any, so I am asking – Jake Badlands – 2013-07-19T10:42:49.537
1Why not just use public key authentication? Just add everyone's keys to the authorized keys list (ridiculously easy with
ssh-copy-id). They'll have password-less login from then on (as long as their ssh key has been added to their user agent, which should be automatic in Ubuntu). – None – 2013-07-19T10:44:33.5801And have you tried setting all
*Authenticationoptions to "no" in/etc/ssh/sshd_config? – None – 2013-07-19T10:49:54.693@BrandonInvergo I have tried all the possible combinations of Authentification options (including all "no"), but nothing works. That makes me think that I could not disable all the ssh security via sshd_config. So, if you know any alternative ssh clients, which could be used with disabled security, I would be happy – Jake Badlands – 2013-07-19T12:09:48.733
1
I only know of one alternative to openssh and that's lsh, but I doubt that will do it either. You're taking the "secure" out of "secure shell", so I doubt any would support it. I think the correct solution, and the thing you should have been pursuing all along, is getting public key authentication to work, since that is a supported feature of an SSH server.
– None – 2013-07-19T12:12:49.907@BrandonInvergo If I am not mistaken, lsh is a client, not a server – Jake Badlands – 2013-07-19T13:02:24.553
1You are mistaken. It includes
lshd, an SSH server. You can try to combine its--no-passwordand--no-publickeyoptions. It also has an experimental option--login-auth-modeto disable authentication altogether. See my updated answer below. – None – 2013-07-19T13:03:19.477