OpenSSH 3.4p1 hostbased auth - howto?
Tim Rice
tim at multitalents.net
Sat Jul 20 05:29:11 EST 2002
On Fri, 19 Jul 2002, Kevin DeGraaf wrote:
> How do you enable hostbased authentication in OpenSSH?
>
> I have two Red Hat 7.3 machines running openssh-3.4p1, and I would like to
> be able to ssh from either of the machines to the other, as any user,
> without using passwords or per-user keys.
>
> My /etc/ssh/sshd_config contains:
> [...]
> IgnoreRhosts no
> HostbasedAuthentication yes
> [...]
>
> My /etc/ssh/ssh_config contains:
> [...]
Host *
HostbasedAuthentication yes
or
Host box1
HostName box1.kevindegraaf.net
HostbasedAuthentication yes
Host box2
HostName box2.kevindegraaf.net
HostbasedAuthentication yes
> HostbasedAuthentication yes
> [...]
>
> I created the known hosts file like so:
> box1# cd /etc/ssh
> box1# cp ssh_host_dsa_key.pub ssh_known_hosts2
Use ssh_known_hosts
You will have to edit ssh_known_hosts
It will look like
box1,box1.kevindegraaf.net,192.168.99.1 ssh-dss _box1's_key_here
box2,box2.kevindegraaf.net,192.168.99.2 ssh-dss _box2's_key_here
Now the shosts.equiv file (does not need to be world readable)
box1.kevindegraaf.net
box2.kevindegraaf.net
>
> I replicated the config directory:
>
> box2# rm -rf /etc/ssh
> box2# mkdir /etc/ssh
> box2# chown 0755 /etc/ssh
> box2# rcp box1:/etc/ssh/* /etc/ssh
Not quite what you wanted to do.
To fix box2, remove the keys and generate new keys.
Each machine must have different keys.
Now put the public key from all your machines in ssh_known_hosts and
distribute ssh_known_hosts and shosts.equiv to each machine.
--
Tim Rice Multitalents (707) 887-1469
tim at multitalents.net
More information about the openssh-unix-dev
mailing list