Non-root hostname auth problem
David W. Lewis
dwlewis at dnai.com
Tue Jan 8 03:03:03 EST 2002
All:
I have a problem connecting Openssh 3.0.2p1 on Solaris 8 using hostname
authentication for non-root users. When I connect to the sshd from a
second machine as root it works fine using HostbasedAuthentication, but it
always fails with non-root users.
I suspect that I am having a permissions problem somewhere, but I'll be
damned if I can figure out where.
Any and all help appreciated.
-David
Relevant file snippets below:
****************
Error message generated from the server-side command
/usr/local/sbin/sshd -f /usr/local/etc/sshd_config -d -d -d
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user ais service ssh-connection method none
debug1: attempt 0 failures 0
debug2: input_userauth_request: setting up authctxt for ais
debug1: Starting up PAM with username "ais"
debug3: Trying to reverse map address 192.168.2.226.
debug1: PAM setting rhost to "ais1"
debug2: input_userauth_request: try method none
Failed none for ais from 192.168.2.226 port 34813 ssh2
Connection closed by 192.168.2.226
debug1: Calling cleanup 0x22fcc(0x0)
debug1: Calling cleanup 0x3c848(0x0)
*********************
Error message generated from the client-side command (as the target user)
ssh -F /usr/local/etc/ssh_config -p 1024 -v -v -v NFS
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: keyboard-interactive,hostbased
debug3: start over, passed a different list keyboard-interactive,hostbased
debug3: preferred hostbased,password
debug3: authmethod_lookup hostbased
debug3: remaining preferred: password
debug3: authmethod_is_enabled hostbased
debug1: next auth method to try is hostbased
debug1: userauth_hostbased: no more client hostkeys
debug2: we did not send a packet, disable method
debug1: no more auth methods to try
Permission denied (keyboard-interactive,hostbased).
******************
****sshd_config on server****
Port 1024 # for testing without annoying the users
#Port 22
Protocol 2
#ListenAddress 0.0.0.0
#ListenAddress ::
# HostKey for protocol version 1
HostKey /usr/local/etc/ssh_host_key
# HostKeys for protocol version 2
HostKey /usr/local/etc/ssh_host_rsa_key
HostKey /usr/local/etc/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768
# Logging
SyslogFacility AUTH
LogLevel INFO
#obsoletes QuietMode and FascistLogging
# Authentication:
LoginGraceTime 600
PermitRootLogin yes
StrictModes no
RSAAuthentication no
PubkeyAuthentication no
AuthorizedKeysFile %h/.ssh/authorized_keys
# rhosts authentication should not be used
RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts no
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication yes
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
IgnoreUserKnownHosts no
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no
****ssh_config on client****
PreferredAuthentications hostbased,password
RhostsAuthentication no
RhostsRSAAuthentication no
RSAAuthentication no
HostbasedAuthentication yes
PasswordAuthentication yes
More information about the openssh-unix-dev
mailing list