EldoS | Feel safer!

Software components for data protection, secure storage and transfer

How can I bypass authentication?

Also by EldoS: Solid File System
A virtual file system that offers a feature-rich storage for application documents and data with built-in compression and encryption.
#2212
Posted: 02/08/2007 22:07:25
by Mike Scriven (Standard support level)
Joined: 05/19/2006
Posts: 102

Hi guys, me again.

Using CElSimpleSSHClientX, how can I bypass authentication altogether (like PuTTY does)?

Thanks
Mike
#2213
Posted: 02/09/2007 02:37:38
by Ken Ivanov (EldoS Corp.)

Not sure if I understand you. In general case, there's no possibility to bypass authentication in SSH. I.e., authentication is *always* performed because of specifics of SSH protocol.
#2214
Posted: 02/09/2007 02:49:41
by Sebastian Jaeschke (Priority Standard support level)
Joined: 12/15/2006
Posts: 11

Quote
Mike Scriven wrote:
how can I bypass authentication altogether


Innokentiy, sorry to hijack this, but I assume Mike thinks about identity/authorized_keys mechs. Didn't had a look into your SSH components, if you support something like this.

Sebastian
#2215
Posted: 02/09/2007 03:03:34
by Ken Ivanov (EldoS Corp.)

Quote
I assume Mike thinks about identity/authorized_keys mechs.

This approach is called public key authentication. Although it is almost transparent for user, it is a strong authentication mechanism.

SecureBlackbox supports public key authentication. Most of SSH/SFTP demo applications illustrate the usage of it.
#2218
Posted: 02/09/2007 08:35:58
by Mike Scriven (Standard support level)
Joined: 05/19/2006
Posts: 102

The latest release of PuTTY (0.59) has an option under SSH, Auth "Bypass authentication entirely (SSH-2 only)". This appears to not send a username or password during the handshake. I tried leaving the username empty with SBB thinking that would do it but the server still appears to think a username has been sent since it just asks for a password. With PuTTY the server asks for both a username and a password.

Hope that makes sense.
#2219
Posted: 02/09/2007 08:47:56
by Ken Ivanov (EldoS Corp.)

Hmm, we need to perform further investigation of this question. Actually, it is possible to turn off authentication but we did not encounter servers supporting this behaviour.

Quote
With PuTTY the server asks for both a username and a password.

If the server asks for a username and a password then authentication is not bypassed (since these credentials are used to authenticate to server).
Also by EldoS: Solid File System
A virtual file system that offers a feature-rich storage for application documents and data with built-in compression and encryption.

Reply

Statistics

Topic viewed 3689 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!