Non-root hostname auth problem
Markus Friedl
markus at openbsd.org
Tue Jan 8 10:07:41 EST 2002
are you sure ssh is setuid root?
On Mon, Jan 07, 2002 at 06:03:03PM +0200, David W. Lewis wrote:
> All:
>
> I have a problem connecting OpenSSH 3.0.2p1 on Solaris 8 using hostname
> authentication for non-root users. When I connect to the sshd from a
> second machine as root it works fine using HostbasedAuthentication, but it
> always fails with non-root users.
>
> I suspect that I am having a permissions problem somewhere, but I'll be
> damned if I can figure out where.
>
> Any and all help appreciated.
>
> -David
>
> Relevant file snippets below:
>
> ****************
> Error message generated from the server-side command
>
> /usr/local/sbin/sshd -f /usr/local/etc/sshd_config -d -d -d
>
> debug1: SSH2_MSG_NEWKEYS received
> debug1: KEX done
> debug1: userauth-request for user ais service ssh-connection method none
> debug1: attempt 0 failures 0
> debug2: input_userauth_request: setting up authctxt for ais
> debug1: Starting up PAM with username "ais"
> debug3: Trying to reverse map address 192.168.2.226.
> debug1: PAM setting rhost to "ais1"
> debug2: input_userauth_request: try method none
> Failed none for ais from 192.168.2.226 port 34813 ssh2
> Connection closed by 192.168.2.226
> debug1: Calling cleanup 0x22fcc(0x0)
> debug1: Calling cleanup 0x3c848(0x0)
>
> *********************
> Error message generated from the client-side command (as the target user)
>
> ssh -F /usr/local/etc/ssh_config -p 1024 -v -v -v NFS
>
> debug1: got SSH2_MSG_SERVICE_ACCEPT
> debug1: authentications that can continue: keyboard-interactive,hostbased
> debug3: start over, passed a different list keyboard-interactive,hostbased
> debug3: preferred hostbased,password
> debug3: authmethod_lookup hostbased
> debug3: remaining preferred: password
> debug3: authmethod_is_enabled hostbased
> debug1: next auth method to try is hostbased
> debug1: userauth_hostbased: no more client hostkeys
> debug2: we did not send a packet, disable method
> debug1: no more auth methods to try
> Permission denied (keyboard-interactive,hostbased).
> ******************
> ****sshd_config on server****
>
> Port 1024 # for testing without annoying the users
> #Port 22
> Protocol 2
> #ListenAddress 0.0.0.0
> #ListenAddress ::
> # HostKey for protocol version 1
> HostKey /usr/local/etc/ssh_host_key
> # HostKeys for protocol version 2
> HostKey /usr/local/etc/ssh_host_rsa_key
> HostKey /usr/local/etc/ssh_host_dsa_key
> # Lifetime and size of ephemeral version 1 server key
> KeyRegenerationInterval 3600
> ServerKeyBits 768
> # Logging
> SyslogFacility AUTH
> LogLevel INFO
> #obsoletes QuietMode and FascistLogging
> # Authentication:
> LoginGraceTime 600
> PermitRootLogin yes
> StrictModes no
> RSAAuthentication no
> PubkeyAuthentication no
> AuthorizedKeysFile %h/.ssh/authorized_keys
> # rhosts authentication should not be used
> RhostsAuthentication no
> # Don't read the user's ~/.rhosts and ~/.shosts files
> IgnoreRhosts no
> # For this to work you will also need host keys in /etc/ssh_known_hosts
> RhostsRSAAuthentication no
> # similar for protocol version 2
> HostbasedAuthentication yes
> # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
> IgnoreUserKnownHosts no
> # To disable tunneled clear text passwords, change to no here!
> PasswordAuthentication yes
> PermitEmptyPasswords no
>
> ****ssh_config on client****
>
> PreferredAuthentications hostbased,password
> RhostsAuthentication no
> RhostsRSAAuthentication no
> RSAAuthentication no
> HostbasedAuthentication yes
> PasswordAuthentication yes
>
> _______________________________________________
> openssh-unix-dev at mindrot.org mailing list
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
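
The check behind the reply's question, as an added example that is not part of the original thread: hostbased authentication signs with the client machine's private host key, which an unprivileged user cannot read, so in this OpenSSH version the ssh binary has to be setuid root or the client reports `no more client hostkeys` as in the log above. The binary and key paths in the usage comment are assumptions modelled on the /usr/local prefix in the post.

```shell
#!/bin/sh
# Added example. Paths are assumptions; pass the ones your install uses.
# Usage: diagnose /usr/local/bin/ssh /usr/local/etc/ssh_host_rsa_key /usr/local/etc/ssh_host_dsa_key

# Numeric owner of a file. ls -n is portable where stat(1) is not available.
owner_uid() {
    ls -lnd "$1" | awk '{print $3}'
}

# True only if the file carries the setuid bit AND is owned by uid 0.
is_setuid_root() {
    [ -u "$1" ] && [ "$(owner_uid "$1")" = "0" ]
}

# True if group or other holds any permission on the file (a private host
# key should be mode 0600, which is why ssh needs privilege to read it).
key_exposed() {
    [ "$(ls -lnd "$1" | awk '{print substr($1, 5, 6)}')" != "------" ]
}

# diagnose SSH_BIN KEY...  Prints findings; returns 0 only if the client
# side looks able to do hostbased auth for an unprivileged user.
diagnose() {
    bin=$1; shift
    rc=0; found=0
    if is_setuid_root "$bin"; then
        echo "ok:   $bin is setuid root"
    else
        echo "FAIL: $bin is not setuid root; non-root users cannot load host keys"
        rc=1
    fi
    for key in "$@"; do
        if [ ! -f "$key" ]; then
            echo "skip: $key not present"
            continue
        fi
        found=$((found + 1))
        if key_exposed "$key"; then
            echo "FAIL: $key is accessible to group/other; expected mode 0600"
            rc=1
        else
            echo "ok:   $key is private (owner uid $(owner_uid "$key"))"
        fi
    done
    if [ "$found" -eq 0 ]; then
        echo "FAIL: no private host key found"
        rc=1
    fi
    return "$rc"
}
```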