[Bug 3615] Host Based Authentication is failing

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Sep 21 19:20:05 AEST 2023


https://bugzilla.mindrot.org/show_bug.cgi?id=3615

--- Comment #9 from Darren Tucker <dtucker at dtucker.net> ---
(In reply to Richard Kreutzer from comment #6)
> As you can see from the attachment, the system wide server
> "ssh_known_hosts" file "/etc/ssh/ssh_known_hosts" contains:
[...]
> I.e., with "root at basement-gentoo.krautclan.com" instead of just
> "root at basement-gentoo"?

No, the hostname is at the start of the line and yours are missing, so:

basement-gentoo.krautclan.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCfedQjNbC4......yxew4wj8afDkuQHS8AtZ8= root at basement-gentoo.krautclan.com

from sshd(8): SSH_KNOWN_HOSTS FILE FORMAT section:

     Each line in these files contains the following fields: marker
     (optional), hostnames, keytype, base64-encoded key, comment.  The
     fields are separated by spaces.

> I always thought that these were just comments

The parts at the end are comments.

> Attached is the new server side debug output, and it contains the
> same "Failed" message.  I must be misunderstanding something about
> what you are saying.  Would it be safe to post here my public keys
> from the client (e.g., /etc/ssh/ssh_host_ed25519_key.pub) and my
> /etc/ssh/ssh_known_hosts file from the server?

It should be safe since they're public keys; I wouldn't unless you need
to, and you don't need to.

> Those are the files involved, right?

Yes.  You would need to add the hostname before the contents of the
.pub file then put it in known_hosts.

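As an added example (not part of the original thread and not OpenSSH code): a small Python check for the mistake discussed above, a known_hosts line pasted from a raw .pub file with no hostnames field in front. The key-type list is a subset, and the sample key and the name client.example.com are constructed for illustration.

```python
import base64
import struct

# Key type names that can begin a public key line (subset; extend as needed).
KEY_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}
MARKERS = {"@cert-authority", "@revoked"}


def blob_key_type(b64):
    """Return the key type name embedded at the start of the key blob, or None."""
    try:
        raw = base64.b64decode(b64, validate=True)
        (n,) = struct.unpack(">I", raw[:4])
        name = raw[4:4 + n]
        return name.decode("ascii") if len(name) == n else None
    except (ValueError, struct.error):
        return None


def check_line(line):
    """Classify one known_hosts line: 'ok', 'skip', or a description of the problem."""
    line = line.strip()
    if not line or line.startswith("#"):
        return "skip"
    fields = line.split()
    if fields[0] in MARKERS:          # optional marker field comes first
        fields = fields[1:]
    if fields and fields[0] in KEY_TYPES:
        return "missing hostnames field (line starts with key type)"
    if len(fields) < 3:
        return "too few fields"
    hostnames, keytype, key = fields[:3]
    if keytype not in KEY_TYPES:
        return "unknown key type %r" % keytype
    if blob_key_type(key) != keytype:
        return "key blob does not match key type"
    return "ok"


def make_line(hostname, pub_contents):
    """Prefix the contents of a .pub file with the hostname, as the reply describes."""
    return "%s %s" % (hostname, pub_contents.strip())


# Constructed sample: an all-zero ed25519 blob, not a real host key.
_blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(32)
SAMPLE_PUB = "ssh-ed25519 %s root@client.example.com" % base64.b64encode(_blob).decode()
```

Running `check_line` over each line of the server's `/etc/ssh/ssh_known_hosts` flags entries that were copied straight from a `.pub` file.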