OpenSSH 3.0.Xp1, AIX -> Sun trusted host problem

Sandor W. Sklar ssklar at stanford.edu
Fri Jan 11 09:15:22 EST 2002 

Hi, Folks ...

Apologies in advance for the length of this message, but I wanted to 
be thorough, and provide as much info as I could.  I'm trying to 
figure out a problem in trusted-host authentication using AIX hosts 
as clients, and a Sun host as the server; either I'm missing 
something real obvious, or there might be a bug somewhere in some 
piece of software involved here.

-- All of the AIX hosts are at AIX 4.3.3-ML08

-- All of the AIX hosts are using OpenSSH 3.0.1p1, from the same compilation

-- All of the AIX hosts have identical /etc/ssh/ssh_config files

-- The Sun host is running OpenSSH 3.0.2p1 on Solaris 5.6

I'm attempting to get trusted host authentication for protocol 2 
working, for a user account (existing on all four systems, with the 
same UID and primary GID, but with local home directories, not NFS 
mounted).

The following is identical for all of the AIX hosts:

$ ls -l `which ssh` ; ssh -V
-rws--x--x   1 root     system   1034732 Dec 02 10:09 /usr/local/bin/ssh
OpenSSH_3.0.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090601f

And on the Sun server:

# /usr/local/sbin/sshd -V
sshd: option requires an argument -- V
sshd version OpenSSH_3.0.2p1
Usage: sshd [options]
...

In order to protect the innocent, I'm replacing the hostnames and IP 
addresses in this mail with:

aixhost1    aa.aa.aa.aa
aixhost2    bb.bb.bb.bb
aixhost3    cc.cc.cc.cc
sunhost     dd.dd.dd.dd


-- From all AIX systems, trusted-host authentication works fine, with 
the three AIX hosts listed in the ~/.shosts file.

-- On one AIX system, trusted-host authentication works IF the user 
account is a member of the "system" group.  (in the details below, 
this system will be "aixhost1")

-- On the other two AIX systems, trusted-host authentication fails, 
with no difference seen if the user is a member of the "system" group 
or not.

Here is the contents of the /etc/ssh/ssh_config file, which is 
identical on all three AIX systems:

	Host *
	  LogLevel ERROR
	  IdentityFile ~/.ssh/identity
	  IdentityFile ~/.ssh/id_dsa
	  IdentityFile ~/.ssh/id_rsa
	  UserKnownHostsFile ~/.ssh/known_hosts
	  GlobalKnownHostsFile /etc/ssh/ssh_known_hosts
	  XAuthLocation /usr/bin/X11/xauth
	  Protocol 2,1
	  Port 22
	  KeepAlive no
	  CheckHostIP yes
	  StrictHostKeyChecking ask
	  EscapeChar ~
	  Cipher 3des
	  Ciphers 
blowfish-cbc,aes128-cbc,3des-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
	  MACs hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96
	  Compression no
	  CompressionLevel 6
	  ConnectionAttempts 1
	  HostKeyAlgorithms ssh-rsa,ssh-dss
	  UsePrivilegedPort yes
	  PreferredAuthentications 
hostbased,publickey,keyboard-interactive,password
	  NoHostAuthenticationForLocalhost no
	  BatchMode no
	  PasswordAuthentication yes
	  NumberOfPasswordPrompts 3
	  RSAAuthentication yes
	  PubkeyAuthentication yes
	  UseRsh no
	  FallBackToRsh no
	  RhostsAuthentication yes
	  RhostsRSAAuthentication yes
	  HostbasedAuthentication yes
	  ClearAllForwardings no
	  ForwardAgent yes
	  ForwardX11 yes
	  GatewayPorts yes

On the Sun server, here is the /etc/ssh/sshd_config file ...

	PidFile   /etc/ssh/sshd.pid
	Port 22
	Protocol 2,1
	ListenAddress 0.0.0.0
	HostKey /etc/ssh/ssh_host_key
	HostKey /etc/ssh/ssh_host_rsa_key
	HostKey /etc/ssh/ssh_host_dsa_key
	ServerKeyBits 768
	LoginGraceTime 600
	KeyRegenerationInterval 3600
	PermitRootLogin no
	IgnoreRhosts no
	IgnoreUserKnownHosts no
	StrictModes yes
	X11Forwarding yes
	X11DisplayOffset 10
	PrintMotd no
	KeepAlive yes
	SyslogFacility DAEMON
	LogLevel DEBUG
	RhostsAuthentication no
	RhostsRSAAuthentication yes
	HostbasedAuthentication yes
	RSAAuthentication yes
	PasswordAuthentication yes
	PermitEmptyPasswords no
	UseLogin no
	MaxStartups 10:20:40
	ReverseMappingCheck no
	Subsystem       sftp    /usr/local/libexec/sftp-server


The following log snippets are from the server-side.  I've cut out 
what I thought to be irrelevant parts.

====================
Test #1 (succeeded)
====================

The user is "patrol", and is in the "system" group ...

aixhost1:patrol 350 /opt/patrol>id
uid=6737(patrol) gid=1012(patrol) groups=0(system)
aixhost1:patrol 351 /opt/patrol>ssh -2 sunhost uptime
   1:27pm  up 13 day(s),  2:45,  4 users,  load average: 0.02, 0.02, 0.02


... and from the sshd server log ...

Jan 10 13:31:14 sunhost.stanford.edu sshd[6832]: Connection from 
aa.aa.aa.aa port 732
Jan 10 13:31:14 sunhost.stanford.edu sshd[6832]: debug1: Client 
protocol version 2.0; client software version OpenSSH_3.0.1p1
Jan 10 13:31:14 sunhost.stanford.edu sshd[6832]: debug1: match: 
OpenSSH_3.0.1p1 pat ^OpenSSH
Jan 10 13:31:14 sunhost.stanford.edu sshd[6832]: Enabling 
compatibility mode for protocol 2.0
Jan 10 13:31:14 sunhost.stanford.edu sshd[6832]: debug1: Local 
version string SSH-1.99-OpenSSH_3.0.2p1
Jan 10 13:31:14 sunhost.stanford.edu sshd[6832]: debug1: 
list_hostkey_types: ssh-rsa,ssh-dss
Jan 10 13:31:14 sunhost.stanford.edu sshd[6832]: debug1: SSH2_MSG_KEXINIT sent
Jan 10 13:31:14 sunhost.stanford.edu sshd[6832]: debug1: 
SSH2_MSG_KEXINIT received
Jan 10 13:31:14 sunhost.stanford.edu sshd[6832]: debug1: kex: 
client->server blowfish-cbc hmac-md5 none
Jan 10 13:31:14 sunhost.stanford.edu sshd[6832]: debug1: kex: 
server->client blowfish-cbc hmac-md5 none
Jan 10 13:31:14 sunhost.stanford.edu sshd[6804]: debug1: Forked child 6832.
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1: 
SSH2_MSG_KEX_DH_GEX_REQUEST received
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1: 
SSH2_MSG_KEX_DH_GEX_GROUP sent
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1: dh_gen_key: 
priv key bits set: 131/256
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1: bits set: 1024/2049
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1: expecting 
SSH2_MSG_KEX_DH_GEX_INIT
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1: bits set: 1030/2049
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1: 
SSH2_MSG_KEX_DH_GEX_REPLY sent
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1: kex_derive_keys
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1: newkeys: mode 1
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1: SSH2_MSG_NEWKEYS sent
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1: waiting for 
SSH2_MSG_NEWKEYS
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1: newkeys: mode 0
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1: 
SSH2_MSG_NEWKEYS received
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1: KEX done
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1: 
userauth-request for user patrol service ssh-connection method none
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1: attempt 0 failures 0
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: Failed none for 
patrol from aa.aa.aa.aa port 732 ssh2
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1: 
userauth-request for user patrol service ssh-connection method 
hostbased
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1: attempt 1 failures 1
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1: 
userauth_hostbased: cuser patrol chost aixhost1.Stanford.EDU. pkalg 
ssh-dss slen 55
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1: 
temporarily_use_uid: 6737/1012 (e=0)
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1: restore_uid
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1: 
temporarily_use_uid: 6737/1012 (e=0)
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1: restore_uid
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1: 
temporarily_use_uid: 6737/1012 (e=0)
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1: restore_uid
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1: 
ssh_dss_verify: signature correct
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: Accepted hostbased 
for patrol from aa.aa.aa.aa port 732 ssh2
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1: Entering 
interactive session for SSH2.

[ the above connection succeeded; the client used a privileged port, 
and the server "Accepted hostbased" ]


====================
Test #2 (failed)
====================

same system, same user, but removed from the "system" group ...

Jan 10 13:36:35 sunhost.stanford.edu sshd[6843]: Connection from 
aa.aa.aa.aa port 36125
Jan 10 13:36:35 sunhost.stanford.edu sshd[6843]: debug1: Client 
protocol version 2.0; client software version OpenSSH_3.0.1p1
Jan 10 13:36:35 sunhost.stanford.edu sshd[6843]: debug1: match: 
OpenSSH_3.0.1p1 pat ^OpenSSH
Jan 10 13:36:35 sunhost.stanford.edu sshd[6843]: Enabling 
compatibility mode for protocol 2.0
Jan 10 13:36:35 sunhost.stanford.edu sshd[6843]: debug1: Local 
version string SSH-1.99-OpenSSH_3.0.2p1
Jan 10 13:36:35 sunhost.stanford.edu sshd[6843]: debug1: Rhosts 
Authentication disabled, originating port 36125 not trusted.


[ note that a privileged port was NOT used, and thus the user was 
prompted for a password ]


====================
Test #3 (failed)
====================

another system, same user, and user is in the "system" group ...

Jan 10 13:40:08 sunhost.stanford.edu sshd[6848]: Connection from 
bb.bb.bb.bb port 624
Jan 10 13:40:08 sunhost.stanford.edu sshd[6804]: debug1: Forked child 6848.
Jan 10 13:40:08 sunhost.stanford.edu sshd[6848]: debug1: Client 
protocol version 2.0; client software version OpenSSH_3.0.1p1
Jan 10 13:40:08 sunhost.stanford.edu sshd[6848]: debug1: match: 
OpenSSH_3.0.1p1 pat ^OpenSSH
Jan 10 13:40:08 sunhost.stanford.edu sshd[6848]: Enabling 
compatibility mode for protocol 2.0
Jan 10 13:40:08 sunhost.stanford.edu sshd[6848]: debug1: Local 
version string SSH-1.99-OpenSSH_3.0.2p1
Jan 10 13:40:08 sunhost.stanford.edu sshd[6848]: debug1: 
list_hostkey_types: ssh-rsa,ssh-dss
Jan 10 13:40:08 sunhost.stanford.edu sshd[6848]: debug1: SSH2_MSG_KEXINIT sent
Jan 10 13:40:08 sunhost.stanford.edu sshd[6848]: debug1: 
SSH2_MSG_KEXINIT received
Jan 10 13:40:08 sunhost.stanford.edu sshd[6848]: debug1: kex: 
client->server blowfish-cbc hmac-md5 none
Jan 10 13:40:08 sunhost.stanford.edu sshd[6848]: debug1: kex: 
server->client blowfish-cbc hmac-md5 none
Jan 10 13:40:08 sunhost.stanford.edu sshd[6848]: debug1: 
SSH2_MSG_KEX_DH_GEX_REQUEST received
Jan 10 13:40:08 sunhost.stanford.edu sshd[6848]: debug1: 
SSH2_MSG_KEX_DH_GEX_GROUP sent
Jan 10 13:40:08 sunhost.stanford.edu sshd[6848]: debug1: dh_gen_key: 
priv key bits set: 130/256
Jan 10 13:40:08 sunhost.stanford.edu sshd[6848]: debug1: bits set: 1031/2049
Jan 10 13:40:08 sunhost.stanford.edu sshd[6848]: debug1: expecting 
SSH2_MSG_KEX_DH_GEX_INIT
Jan 10 13:40:08 sunhost.stanford.edu sshd[6848]: debug1: bits set: 1025/2049
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1: 
SSH2_MSG_KEX_DH_GEX_REPLY sent
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1: kex_derive_keys
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1: newkeys: mode 1
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1: SSH2_MSG_NEWKEYS sent
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1: waiting for 
SSH2_MSG_NEWKEYS
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1: newkeys: mode 0
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1: 
SSH2_MSG_NEWKEYS received
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1: KEX done
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1: 
userauth-request for user patrol service ssh-connection method none
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1: attempt 0 failures 0
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: Failed none for 
patrol from bb.bb.bb.bb port 624 ssh2
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1: 
userauth-request for user patrol service ssh-connection method 
hostbased
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1: attempt 1 failures 1
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1: 
userauth_hostbased: cuser patrol chost aixhost2.Stanford.EDU. pkalg 
ssh-dss slen 55
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1: 
temporarily_use_uid: 6737/1012 (e=0)
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1: restore_uid
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1: 
temporarily_use_uid: 6737/1012 (e=0)
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1: restore_uid
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1: 
temporarily_use_uid: 6737/1012 (e=0)
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1: restore_uid
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1: 
temporarily_use_uid: 6737/1012 (e=0)
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1: restore_uid
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: Failed hostbased for 
patrol from bb.bb.bb.bb port 624 ssh2
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1: 
userauth-request for user patrol service ssh-connection method 
hostbased
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1: attempt 2 failures 2
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1: 
userauth_hostbased: cuser patrol chost aixhost2.Stanford.EDU. pkalg 
ssh-rsa slen 143
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1: 
temporarily_use_uid: 6737/1012 (e=0)
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1: restore_uid
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1: 
temporarily_use_uid: 6737/1012 (e=0)
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1: restore_uid
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1: 
temporarily_use_uid: 6737/1012 (e=0)
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1: restore_uid
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1: 
temporarily_use_uid: 6737/1012 (e=0)
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1: restore_uid
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: Failed hostbased for 
patrol from bb.bb.bb.bb port 624 ssh2

[ privileged port was used, but hostbased auth was still not accepted ]


====================
Test #4 (failed)
====================

same as test #3, but user is removed from "system" group ...

Jan 10 13:57:26 sunhost.stanford.edu sshd[6878]: Connection from 
bb.bb.bb.bb port 893
Jan 10 13:57:26 sunhost.stanford.edu sshd[6804]: debug1: Forked child 6878.
Jan 10 13:57:26 sunhost.stanford.edu sshd[6878]: debug1: Client 
protocol version 2.0; client software version OpenSSH_3.0.1p1
Jan 10 13:57:26 sunhost.stanford.edu sshd[6878]: debug1: match: 
OpenSSH_3.0.1p1 pat ^OpenSSH
Jan 10 13:57:26 sunhost.stanford.edu sshd[6878]: Enabling 
compatibility mode for protocol 2.0
Jan 10 13:57:26 sunhost.stanford.edu sshd[6878]: debug1: Local 
version string SSH-1.99-OpenSSH_3.0.2p1
Jan 10 13:57:26 sunhost.stanford.edu sshd[6878]: debug1: 
list_hostkey_types: ssh-rsa,ssh-dss
Jan 10 13:57:26 sunhost.stanford.edu sshd[6878]: debug1: SSH2_MSG_KEXINIT sent
Jan 10 13:57:26 sunhost.stanford.edu sshd[6878]: debug1: 
SSH2_MSG_KEXINIT received
Jan 10 13:57:26 sunhost.stanford.edu sshd[6878]: debug1: kex: 
client->server blowfish-cbc hmac-md5 none
Jan 10 13:57:26 sunhost.stanford.edu sshd[6878]: debug1: kex: 
server->client blowfish-cbc hmac-md5 none
Jan 10 13:57:26 sunhost.stanford.edu sshd[6878]: debug1: 
SSH2_MSG_KEX_DH_GEX_REQUEST received
Jan 10 13:57:26 sunhost.stanford.edu sshd[6878]: debug1: 
SSH2_MSG_KEX_DH_GEX_GROUP sent
Jan 10 13:57:26 sunhost.stanford.edu sshd[6878]: debug1: dh_gen_key: 
priv key bits set: 127/256
Jan 10 13:57:26 sunhost.stanford.edu sshd[6878]: debug1: bits set: 1023/2049
Jan 10 13:57:26 sunhost.stanford.edu sshd[6878]: debug1: expecting 
SSH2_MSG_KEX_DH_GEX_INIT
Jan 10 13:57:26 sunhost.stanford.edu sshd[6878]: debug1: bits set: 1052/2049
Jan 10 13:57:26 sunhost.stanford.edu sshd[6878]: debug1: 
SSH2_MSG_KEX_DH_GEX_REPLY sent
Jan 10 13:57:26 sunhost.stanford.edu sshd[6878]: debug1: kex_derive_keys
Jan 10 13:57:26 sunhost.stanford.edu sshd[6878]: debug1: newkeys: mode 1
Jan 10 13:57:26 sunhost.stanford.edu sshd[6878]: debug1: SSH2_MSG_NEWKEYS sent
Jan 10 13:57:26 sunhost.stanford.edu sshd[6878]: debug1: waiting for 
SSH2_MSG_NEWKEYS
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1: newkeys: mode 0
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1: 
SSH2_MSG_NEWKEYS received
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1: KEX done
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1: 
userauth-request for user patrol service ssh-connection method none
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1: attempt 0 failures 0
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: Failed none for 
patrol from bb.bb.bb.bb port 893 ssh2
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1: 
userauth-request for user patrol service ssh-connection method 
hostbased
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1: attempt 1 failures 1
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1: 
userauth_hostbased: cuser patrol chost aixhost2.Stanford.EDU. pkalg 
ssh-dss slen 55
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1: 
temporarily_use_uid: 6737/1012 (e=0)
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1: restore_uid
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1: 
temporarily_use_uid: 6737/1012 (e=0)
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1: restore_uid
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1: 
temporarily_use_uid: 6737/1012 (e=0)
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1: restore_uid
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1: 
temporarily_use_uid: 6737/1012 (e=0)
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1: restore_uid
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: Failed hostbased for 
patrol from bb.bb.bb.bb port 893 ssh2
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1: 
userauth-request for user patrol service ssh-connection method 
hostbased
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1: attempt 2 failures 2
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1: 
userauth_hostbased: cuser patrol chost aixhost2.Stanford.EDU. pkalg 
ssh-rsa slen 143
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1: 
temporarily_use_uid: 6737/1012 (e=0)
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1: restore_uid
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1: 
temporarily_use_uid: 6737/1012 (e=0)
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1: restore_uid
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1: 
temporarily_use_uid: 6737/1012 (e=0)
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1: restore_uid
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1: 
temporarily_use_uid: 6737/1012 (e=0)
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1: restore_uid
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: Failed hostbased for 
patrol from bb.bb.bb.bb port 893 ssh2


[ client again used privileged port, but user was still denied ]

===============================================================================

If I'm missing something obvious, I'd appreciate it if someone would 
point it out, and I'd gladly dope-slap myself.  If there does indeed 
seem to be some issue there, it would be great if someone with more 
coding experience (which would be just about everyone) could point me 
in the proper direction.

I should also note that this works fine when going from a sun host as 
a client and a sun host as the server.

Thanks, --Sandy

-- 
   =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
   Sandor W. Sklar  -  Unix Systems Administrator  -  Stanford University ITSS
   Non impediti ratione cogitationis.   <http://whippet.stanford.edu/~ssklar/>
   =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

More information about the openssh-unix-dev mailing list