OpenSSH 3.4p1 hostbased auth - howto?

Ben Lindstrom mouring at etoh.eviladmin.org
Wed Jul 24 12:05:41 EST 2002


On Tue, 23 Jul 2002, Tim Rice wrote:

> On Tue, 23 Jul 2002, Ben Lindstrom wrote:
>
> >
> >
> > On Tue, 23 Jul 2002, Kevin DeGraaf wrote:
> >
> > > > Use ssh_known_hosts
> > > > You will have to edit ssh_known_hosts
> > > > Now the shosts.equiv file (does not need to be world readable)
> > > > Not quite what you wanted to do.
> > > > To fix box2, remove the keys and generate new keys.
> > > > Each machine must have different keys.
> > > > Now put the public key from all your machines in ssh_known_hosts and
> > > > distribute ssh_known_hosts and shosts.equiv to each machine.
> > >
> > > Okay, I removed all the old configuration and did this:
> > >
> > > 1. On m1.ohm.calvin.edu and m2.ohm.calvin.edu, I generated new hostkeys
> > > (SSH1-RSA, SSH2-RSA, and SSH2-DSA).
> > >
> > > 2. On both machines, I created /etc/ssh/ssh_known_hosts:
> > >
> > > m1,m1.ohm.calvin.edu,192.168.1.1 ssh-dsa AAAAB3Nza ... =
> > > m2,m2.ohm.calvin.edu,192.168.1.2 ssh-dsa AAAAB3Nza ... =
> > >
> >
> > All host names must have a '.' behind them, or else they will
> > not work.
> >
> > IE:
> >
> > my.host.com.,226.165.46.10 ssh-rsa AAA[..]=
>
> I don't have dots on the end and it works fine here.
>

I can't get it to work with -cvs without them.

- Ben
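
Added example, not part of the original message or of OpenSSH: a small lint for the two files the thread describes, run over their contents before they are distributed. It flags a host key shared by two machines and any shosts.equiv host with no key in ssh_known_hosts. The sample data, the key blobs and the host m3 are constructed, and treating names with and without a trailing dot as equal is an assumption made here because the thread disagrees on it.

```python
# Added example: consistency lint for hostbased-auth files (protocol 2 lines).
KNOWN_HOSTS = """\
m1,m1.ohm.calvin.edu,192.168.1.1 ssh-rsa AAAAconstructedKeyOne=
m2,m2.ohm.calvin.edu,192.168.1.2 ssh-rsa AAAAconstructedKeyOne=
"""  # constructed sample: box2 still carries box1's key
SHOSTS_EQUIV = "m1.ohm.calvin.edu\nm2.ohm.calvin.edu\nm3.ohm.calvin.edu\n"  # m3 is hypothetical


def parse_known_hosts(text):
    """Return (raw_names, normalized_name_set, key_blob) per protocol 2 line."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        # Skip blanks, comments and SSH1 lines ("names bits exponent modulus").
        if len(fields) < 3 or fields[0].startswith("#") or fields[1].isdigit():
            continue
        # Assumption: strip a trailing dot so both spellings compare equal.
        names = {n.rstrip(".").lower() for n in fields[0].split(",")}
        entries.append((fields[0], names, fields[2]))
    return entries


def lint(known_hosts, shosts_equiv):
    """Return a list of problems found in the contents of the two files."""
    problems = []
    entries = parse_known_hosts(known_hosts)
    # The same blob under unrelated names means a key pair was copied between boxes.
    for i, (raw_a, names_a, blob_a) in enumerate(entries):
        for raw_b, names_b, blob_b in entries[i + 1:]:
            if blob_a == blob_b and not names_a & names_b:
                problems.append("shared host key: %s and %s" % (raw_a, raw_b))
    # Every host listed in shosts.equiv needs a key in ssh_known_hosts.
    known = set().union(*[names for _, names, _ in entries])
    for line in shosts_equiv.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        host = fields[0].rstrip(".").lower()
        if host not in known:
            problems.append("no host key for %s" % host)
    return problems


if __name__ == "__main__":
    for problem in lint(KNOWN_HOSTS, SHOSTS_EQUIV):
        print(problem)
```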




More information about the openssh-unix-dev mailing list