ssh -2 and hostbasedauth

Gert Doering gert at greenie.muc.de
Fri Nov 16 08:32:11 EST 2001


Hi,

I'm trying to figure out how to read OpenSSH's log files (to assist
our people in diagnosing "why is it always asking me for passwords").

All clients and servers are 3.0p1.

First: server does not have the client's RSA2 key in known_hosts.

debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password,keyboard-interactive,hostbased
debug1: next auth method to try is hostbased
debug1: Remote: Accepted by .shosts.
debug1: authentications that can continue: publickey,password,keyboard-interactive,hostbased
debug1: Remote: Accepted by .shosts.
debug1: authentications that can continue: publickey,password,keyboard-interactive,hostbased
debug1: next auth method to try is publickey
debug1: try privkey: /home/gert/.ssh/id_rsa
debug1: try privkey: /home/gert/.ssh/id_dsa
debug1: next auth method to try is keyboard-interactive

Second: server *does* have the key (by doing "ssh -2 <back>"):

debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password,keyboard-interactive,hostbased
debug1: next auth method to try is hostbased
debug1: Remote: Accepted by .shosts.
debug1: authentications that can continue: publickey,password,keyboard-interactive,hostbased
debug1: Remote: Accepted by .shosts.
debug1: ssh-userauth2 successful: method hostbased
debug1: channel 0: new [client-session]
debug1: send channel open 0
debug1: Entering interactive session.
debug1: ssh_session2_setup: id 0
debug1: channel request 0: shell
debug1: channel 0: open confirm rwindow 0 rmax 16384

- I don't really understand what "Remote: Accepted by .shosts" means,
as in the first example the client connection is NOT accepted (due to
the key not being known).

Is this vague on purpose to avoid handing out information about 
public keys?

How do I find out whether a remote end doesn't want to log me in because
it's missing an .shosts entry, ignoring user .shosts or missing the
client key in .known_hosts?

Somewhat confused,

gert

-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert.doering at physik.tu-muenchen.de
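
An added example, not part of the original post: a small parser that turns the two client traces quoted above into a per-method summary. It shows that "Remote: Accepted by .shosts." appears in both runs and only the "ssh-userauth2 successful" line tells them apart. The regexes assume the OpenSSH 3.0p1 debug line formats shown in the post, and `summarize` is a hypothetical helper name.

```python
import re

# Client-side debug lines copied from the two traces in the post above.
TRACE_KEY_UNKNOWN = """\
debug1: authentications that can continue: publickey,password,keyboard-interactive,hostbased
debug1: next auth method to try is hostbased
debug1: Remote: Accepted by .shosts.
debug1: authentications that can continue: publickey,password,keyboard-interactive,hostbased
debug1: Remote: Accepted by .shosts.
debug1: authentications that can continue: publickey,password,keyboard-interactive,hostbased
debug1: next auth method to try is publickey
debug1: try privkey: /home/gert/.ssh/id_rsa
debug1: try privkey: /home/gert/.ssh/id_dsa
debug1: next auth method to try is keyboard-interactive
"""

TRACE_KEY_KNOWN = """\
debug1: authentications that can continue: publickey,password,keyboard-interactive,hostbased
debug1: next auth method to try is hostbased
debug1: Remote: Accepted by .shosts.
debug1: authentications that can continue: publickey,password,keyboard-interactive,hostbased
debug1: Remote: Accepted by .shosts.
debug1: ssh-userauth2 successful: method hostbased
"""

NEXT = re.compile(r"^debug1: next auth method to try is (\S+)")
OK = re.compile(r"^debug1: ssh-userauth2 successful: method (\S+)")
REMOTE = re.compile(r"^debug1: Remote: (.*)$")

def summarize(trace):
    """Return (attempts, winner); attempts holds one dict per method tried."""
    attempts, winner = [], None
    for line in trace.splitlines():
        if m := NEXT.match(line):
            attempts.append({"method": m.group(1), "remote": [], "ok": False})
        elif (m := REMOTE.match(line)) and attempts:
            # Server-sent debug text is attached to the method being tried.
            attempts[-1]["remote"].append(m.group(1))
        elif m := OK.match(line):
            winner = m.group(1)
            for a in attempts:
                if a["method"] == winner:
                    a["ok"] = True
    return attempts, winner

if __name__ == "__main__":
    for name, trace in (("key unknown", TRACE_KEY_UNKNOWN), ("key known", TRACE_KEY_KNOWN)):
        attempts, winner = summarize(trace)
        print(name, "->", winner, [(a["method"], a["ok"], a["remote"]) for a in attempts])
```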



More information about the openssh-unix-dev mailing list