OpenSSH 3.4p1 hostbased auth - howto?
Ben Lindstrom
mouring at etoh.eviladmin.org
Wed Jul 24 10:55:07 EST 2002
On Tue, 23 Jul 2002, Kevin DeGraaf wrote:
> > Use ssh_known_hosts
> > You will have to edit ssh_known_hosts
> > Now the shosts.equiv file (does not need to be world readable)
> > Not quite what you wanted to do.
> > To fix box2, remove the keys and generate new keys.
> > Each machine must have different keys.
> > Now put the public key from all your machines in ssh_known_hosts and
> > distribute ssh_known_hosts and shosts.equiv to each machine.
>
> Okay, I removed all the old configuration and did this:
>
> 1. On m1.ohm.calvin.edu and m2.ohm.calvin.edu, I generated new hostkeys
> (SSH1-RSA, SSH2-RSA, and SSH2-DSA).
>
> 2. On both machines, I created /etc/ssh/ssh_known_hosts:
>
> m1,m1.ohm.calvin.edu,192.168.1.1 ssh-dsa AAAAB3Nza ... =
> m2,m2.ohm.calvin.edu,192.168.1.2 ssh-dsa AAAAB3Nza ... =
>
all host names must have a '.' behind it. or else they will
not work.
IE:
my.host.com.,226.165.46.10 ssh-rsa AAA[..]=
> 3. On both machines, I created /etc/shosts.equiv:
>
> m1
> m2
> m1.ohm.calvin.edu
> m2.ohm.calvin.edu
>
Same here:
my.host.com.
Suggestion.. sshd -d -d -d and ssh -v -v -v are your friend.
- Ben
More information about the openssh-unix-dev
mailing list