OpenSSH 3.4p1 hostbased auth - howto?

Tim Rice tim at multitalents.net
Wed Jul 24 12:07:42 EST 2002


On Tue, 23 Jul 2002, Ben Lindstrom wrote:

>
>
> On Tue, 23 Jul 2002, Kevin DeGraaf wrote:
>
> > > Use ssh_known_hosts
> > > You will have to edit ssh_known_hosts
> > > Now the shosts.equiv file (does not need to be world readable)
> > > Not quite what you wanted to do.
> > > To fix box2, remove the keys and generate new keys.
> > > Each machine must have different keys.
> > > Now put the public key from all your machines in ssh_known_hosts and
> > > distribute ssh_known_hosts and shosts.equiv to each machine.
> >
> > Okay, I removed all the old configuration and did this:
> >
> > 1. On m1.ohm.calvin.edu and m2.ohm.calvin.edu, I generated new hostkeys
> > (SSH1-RSA, SSH2-RSA, and SSH2-DSA).
> >
> > 2. On both machines, I created /etc/ssh/ssh_known_hosts:
> >
> > m1,m1.ohm.calvin.edu,192.168.1.1 ssh-dsa AAAAB3Nza ... =
> > m2,m2.ohm.calvin.edu,192.168.1.2 ssh-dsa AAAAB3Nza ... =
> >
>
> All host names must have a '.' behind them, or else they will
> not work.
>
> IE:
>
> my.host.com.,226.165.46.10 ssh-rsa AAA[..]=

I don't have dots on the end and it works fine here.

>
> > 3. On both machines, I created /etc/shosts.equiv:
                                   ^^^^
This may not work.
On my machines where --sysconfdir=/etc/ssh my shosts.equiv is in /etc/ssh

> > m1
> > m2
> > m1.ohm.calvin.edu
> > m2.ohm.calvin.edu
> >
>
> Same here:
>
> my.host.com.

Hmm, I don't have dots at the end here either.
Probably was needed on earlier versions.

>
> Suggestion.. sshd -d -d -d and ssh -v -v -v are your friend.
>

The only change I make to sshd_config (that's hostbased related) is
HostbasedAuthentication yes
All others are defaults.

-- 
Tim Rice				Multitalents	(707) 887-1469
tim at multitalents.net
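
Added example (not part of the original message, and not OpenSSH code): a Python check of the three files this thread discusses. It verifies that every shosts.equiv host has an entry in ssh_known_hosts, that no two machines share a host key, and that sshd_config sets HostbasedAuthentication yes. Host names, addresses and key blobs are constructed placeholders, and ignoring a trailing dot when comparing names is an assumption of this example.

```python
# Constructed sample inputs: m2 reuses m1's key, and m3 has no key entry.
KNOWN = """\
m1,m1.example.test,192.0.2.1 ssh-rsa AAAAB3PLACEHOLDERKEY1
m2,m2.example.test,192.0.2.2 ssh-rsa AAAAB3PLACEHOLDERKEY1
"""
EQUIV = "m1\nm2\nm3.example.test\n"
SSHD = "#HostbasedAuthentication no\nHostbasedAuthentication yes\n"

def parse_known_hosts(text):
    """Return a list of (names, key) pairs, one per ssh_known_hosts entry."""
    entries = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0].startswith("#"):
            continue
        # SSH1 entry: hosts bits exponent modulus. SSH2 entry: hosts type blob.
        key = tuple(f[1:4]) if f[1].isdigit() else tuple(f[1:3])
        # Assumption: a trailing dot is ignored when comparing names.
        entries.append(([n.rstrip(".").lower() for n in f[0].split(",")], key))
    return entries

def parse_equiv(text):
    """Return plain host names from shosts.equiv, skipping +/- entries."""
    toks = (line.split("#")[0].split() for line in text.splitlines())
    return [t[0].rstrip(".").lower() for t in toks if t and t[0][0] not in "+-"]

def hostbased_enabled(sshd_config):
    for line in sshd_config.splitlines():
        tok = line.split()
        if len(tok) >= 2 and tok[0].lower() == "hostbasedauthentication":
            return tok[1].lower() == "yes"  # sshd uses the first value it reads
    return False  # the option defaults to "no"

def check(known_hosts, equiv, sshd_config):
    problems, owner = [], {}
    entries = parse_known_hosts(known_hosts)
    listed = {n for names, _ in entries for n in names}
    for host in parse_equiv(equiv):
        if host not in listed:
            problems.append(f"{host}: in shosts.equiv but no key in ssh_known_hosts")
    for names, key in entries:
        first = owner.setdefault(key, names)
        if set(first).isdisjoint(names):  # same key under unrelated names
            problems.append(f"{names[0]}: same host key as {first[0]}")
    if not hostbased_enabled(sshd_config):
        problems.append("sshd_config: HostbasedAuthentication is not 'yes'")
    return problems

if __name__ == "__main__":
    print("\n".join(check(KNOWN, EQUIV, SSHD)) or "no problems found")
```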





More information about the openssh-unix-dev mailing list