OpenSSH 3.4p1 hostbased auth - howto?

Tim Rice tim at multitalents.net
Sat Jul 20 05:29:11 EST 2002


On Fri, 19 Jul 2002, Kevin DeGraaf wrote:

> How do you enable hostbased authentication in OpenSSH?
>
> I have two Red Hat 7.3 machines running openssh-3.4p1, and I would like to
> be able to ssh from either of the machines to the other, as any user,
> without using passwords or per-user keys.
>
> My /etc/ssh/sshd_config contains:
>   [...]
>   IgnoreRhosts no
>   HostbasedAuthentication yes
>   [...]
>
> My /etc/ssh/ssh_config contains:
>   [...]
Host *
  HostbasedAuthentication yes
or
Host box1
  HostName box1.kevindegraaf.net
  HostbasedAuthentication yes

Host box2
  HostName box2.kevindegraaf.net
  HostbasedAuthentication yes

>   HostbasedAuthentication yes
>   [...]
>
> I created the known hosts file like so:
>   box1# cd /etc/ssh
>   box1# cp ssh_host_dsa_key.pub ssh_known_hosts2
Use ssh_known_hosts.
You will have to edit ssh_known_hosts.
It will look like:
box1,box1.kevindegraaf.net,192.168.99.1 ssh-dss _box1's_key_here
box2,box2.kevindegraaf.net,192.168.99.2 ssh-dss _box2's_key_here

Now the shosts.equiv file (does not need to be world readable):
box1.kevindegraaf.net
box2.kevindegraaf.net

>
> I replicated the config directory:
>
>   box2# rm -rf /etc/ssh
>   box2# mkdir /etc/ssh
>   box2# chown 0755 /etc/ssh
>   box2# rcp box1:/etc/ssh/* /etc/ssh

Not quite what you wanted to do.
To fix box2, remove the keys and generate new keys.
Each machine must have different keys.

Now put the public key from all your machines in ssh_known_hosts and
distribute ssh_known_hosts and shosts.equiv to each machine.


-- 
Tim Rice				Multitalents	(707) 887-1469
tim at multitalents.net
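
The procedure in the reply above, as an added example that is not part of the original message: it assembles ssh_known_hosts and shosts.equiv from each machine's public host key and flags the case where two machines share one key, which is what copying /etc/ssh from box1 to box2 produces. The inventory format, the function names and the key blobs are assumptions constructed for this example.

```shell
#!/bin/sh
# known_hosts_line SHORT FQDN IP PUBFILE
# Prints "short,fqdn,ip keytype keyblob"; the key's comment field is dropped.
known_hosts_line() {
    awk -v names="$1,$2,$3" 'NF >= 2 { print names, $1, $2; exit }' "$4"
}

# duplicate_keys KNOWN_HOSTS
# Prints the name field of every entry whose key blob also appears on
# another line; exit status is 1 if any such entry exists.
duplicate_keys() {
    awk '{ n[$3]++; h[NR] = $1; k[NR] = $3 }
         END { for (i = 1; i <= NR; i++) if (n[k[i]] > 1) { print h[i]; bad = 1 }
               exit bad }' "$1"
}

# build_files INVENTORY KEYDIR OUTDIR
# INVENTORY lines are "short fqdn ip"; KEYDIR holds <short>.pub per host.
# Returns 1 when hosts share a key, 2 when a public key file is unreadable.
build_files() {
    : > "$3/ssh_known_hosts"; : > "$3/shosts.equiv"
    while read -r short fqdn ip; do
        [ -n "$short" ] || continue
        known_hosts_line "$short" "$fqdn" "$ip" "$2/$short.pub" \
            >> "$3/ssh_known_hosts" || return 2
        echo "$fqdn" >> "$3/shosts.equiv"
    done < "$1"
    duplicate_keys "$3/ssh_known_hosts" > /dev/null || return 1
    # The ssh client reads this file as the invoking user.
    chmod 644 "$3/ssh_known_hosts"
}

# Demo on constructed data: box2 was cloned from box1, so the keys match.
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' 'box1 box1.kevindegraaf.net 192.168.99.1' \
                  'box2 box2.kevindegraaf.net 192.168.99.2' > "$d/inventory"
    echo 'ssh-dss CONSTRUCTEDKEYAAAA root@box1' > "$d/box1.pub"
    cp "$d/box1.pub" "$d/box2.pub"
    build_files "$d/inventory" "$d" "$d"; rc=$?
    echo "cloned host keys: build_files exit status $rc"
    duplicate_keys "$d/ssh_known_hosts"
    rm -rf "$d"
    return 0
}
demo
```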




