How can I accept all SSH requests?

1

I would like to have a VM accept all SSH requests. That is, anyone on the network (namely, the host) can SSH into the shell without password checking, public key, etc. I know this is largely against the premise of SSH, but is it possible?

Criterion: It should not be a VM hack; I want this to simulate two computers on the same network, one with 'swiss-cheese' security.

In summary: ssh user_name@host_machine should work, regardless of the nature of the ssh'ing machine, settings, RSA keys, etc.

j6m8

Posted 2013-07-31T04:54:34.833

Reputation: 141

You could recompile sshd to always accept the connection and log them in as some user... – Rook – 2013-07-31T06:18:40.783

Please remember to mention your OS. Both the host and the guest in this case. Answers are very likely to be OS-dependent. – terdon – 2013-07-31T16:08:20.587

Answers

1

Two options:

  • Recompile SSH to always accept no matter what the password (probably no more than a line or two needs to change)
  • Modify your PAM stack to always accept for authentication. You can make this for all services, or you can specify an alternate PAM stack just for inbound SSH.

Note that I'm a bit rusty on PAM rules, and these are (obviously) not tested. So you may have to tweak things a bit to make it work. Feel free to edit if you get it working.

But for example to allow if the attempted username is listed in a file:

# in /etc/pam.d/sshd
auth sufficient pam_listfile.so item=user sense=allow file=/etc/sshd_allowed_users onerr=fail

Or just permit everything:

# in /etc/pam.d/sshd
auth sufficient pam_permit.so

Presumably a user would have to pick the username of a valid account. But I'm not 100% certain as to what will happen.

tylerl

Posted 2013-07-31T04:54:34.833

Reputation: 2 064

Fantastic, that's exactly what I was looking for (moreso the second solution, though I think the first one will come in handy as well). Tons of thanks! (Wish I had enough rep to upvote...) – j6m8 – 2013-09-28T04:24:47.287

Asked: 2013-07-31T04:54:34.833

Viewed: 151 times

Active: 2013-07-31T16:05:48.873