[Bug 3507] Cannot get host-based authentication to work
bugzilla-daemon at mindrot.org
Wed Dec 7 22:18:59 AEDT 2022
https://bugzilla.mindrot.org/show_bug.cgi?id=3507
--- Comment #8 from Darren Tucker <dtucker at dtucker.net> ---
(In reply to Thomas Koeller from comment #5)
> (In reply to Darren Tucker from comment #3)
> > Also, what's in sshd_config? Unless you have your DNS forward and
> > reverse exactly right, you probably want
> > "HostbasedUsesNameFromPacketOnly yes" in sshd_config.
>
> Attaching the server configuration.
>
> Here is the result of a forward/reverse lookup of the host name in
> used, I think that should be o.k.?

Hard to tell from here but I don't see anything obvious. Setting
HostbasedUsesNameFromPacketOnly would remove name resolution as a
variable, though.

I note from the logs that this is a vendor-modified version of OpenSSH
8.8. Can you reproduce the problem with a current version of stock
openssh from openssh.com?

There were a couple of fixes to hostbased in 8.9, but I think only RSA
keys were affected and you're not using those:

 * ssh(1): unbreak hostbased auth using RSA keys. Allow ssh(1) to
   select RSA keys when only RSA/SHA2 signature algorithms are
   configured (this is the default case). Previously RSA keys were
   not being considered in the default case.

 * ssh-keysign(1): make ssh-keysign use the requested signature
   algorithm and not the default for the key type. Part of unbreaking
   hostbased auth for RSA/SHA2 keys.
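
Added illustration (not part of the bug thread and not OpenSSH code): a small diagnostic for the forward/reverse DNS question discussed in the comment above. It checks that the client address reverse-resolves to a name, that this name resolves back to the same address, and that it equals the name the client sends. The function names and the sample DNS tables are constructed for this example.

```python
import socket

# Constructed sample DNS data so the check can be exercised offline.
SAMPLE_PTR = {"192.0.2.10": "client.example.test", "192.0.2.20": "old.example.test"}
SAMPLE_A = {"client.example.test": {"192.0.2.10"}, "old.example.test": {"192.0.2.99"}}

def fake_reverse(ip):
    if ip not in SAMPLE_PTR:
        raise OSError("host not found")
    return SAMPLE_PTR[ip]

def fake_forward(name):
    if name not in SAMPLE_A:
        raise OSError("name not found")
    return SAMPLE_A[name]

def system_reverse(ip):
    """PTR lookup through the system resolver: address -> name."""
    return socket.gethostbyaddr(ip)[0]

def system_forward(name):
    """A/AAAA lookup through the system resolver: name -> set of addresses."""
    return {ai[4][0] for ai in socket.getaddrinfo(name, None)}

def check_hostbased_name(client_ip, packet_name,
                         reverse=system_reverse, forward=system_forward):
    """Return (ok, reason) for the address/name pair a server would see.

    client_ip   -- source address of the connection, as seen by the server
    packet_name -- host name the client puts in the hostbased request
    """
    try:
        resolved = reverse(client_ip).rstrip(".").lower()
    except OSError as exc:
        return False, f"no reverse record for {client_ip}: {exc}"
    try:
        addrs = set(forward(resolved))
    except OSError as exc:
        return False, f"{resolved} has no forward record: {exc}"
    if client_ip not in addrs:
        return False, f"{resolved} maps to {sorted(addrs)}, not {client_ip}"
    sent = packet_name.rstrip(".").lower()
    if sent != resolved:
        return False, f"client sends {sent}, but {client_ip} resolves to {resolved}"
    return True, f"{client_ip} and {resolved} are consistent"

if __name__ == "__main__":
    print(check_hostbased_name("192.0.2.10", "client.example.test",
                               fake_reverse, fake_forward))
```

Run it on the server with the default resolvers (omit the last two arguments) and the client's real address and host name; any `False` result points at the name-resolution variable that HostbasedUsesNameFromPacketOnly takes out of the picture.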