hostbased authentication problem in 3.4

Vincent Fox vf5 at cad.gatech.edu
Sat Jun 29 01:35:00 EST 2002


I am seeing the same issues as another recent post: hostbased
authentication in 3.4p1 does not seem to work. I tried the ssh-keysign.c
patch that was posted, but it didn't seem to fix the problem.

Details:
Solaris 7, OpenSSH 3.4p1, OpenSSL 0.9.6d
Key from client ssh_host_rsa_key.pub copied to server /etc/ssh/ssh_known_hosts2
with comma-separated client hostnames added to front and a blank space before
rest of key entry.

debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts2
debug3: check_host_in_hostfile: match line 1
debug2: check_key_in_hostfiles: key ok for bester.cad.gatech.edu
debug3: mm_answer_keyallowed: key 1323b0 is allowed
debug3: mm_append_debug: Appending debug messages for child
debug3: mm_request_send entering: type 21
debug3: mm_request_receive entering
debug3: mm_send_debug: Sending debug: Accepted for bester.cad.gatech.edu [130.207.84.20] by /etc/ssh/shosts.equiv.
debug3: mm_key_verify entering
debug3: mm_request_send entering: type 22
debug3: monitor_read: checking request 22
ssh_rsa_verify: RSA_verify failed: error:04077068:lib(4):func(119):reason(104)
debug1: ssh_rsa_verify: signature incorrect
debug3: mm_answer_keyverify: key 132398 signature unverified
debug3: mm_request_send entering: type 23
Failed hostbased for vf5 from 130.207.84.20 port 33083 ssh2
debug3: mm_request_receive entering
debug3: mm_key_verify: waiting for MONITOR_ANS_KEYVERIFY
debug3: mm_request_receive_expect entering: type 23
debug3: mm_request_receive entering
debug2: userauth_hostbased: authenticated 0
Failed hostbased for vf5 from 130.207.84.20 port 33083 ssh2
debug1: userauth-request for user vf5 service ssh-connection method keyboard-interactive
debug1: attempt 3 failures 3
debug2: input_userauth_request: try method keyboard-interactive

Still getting an error from ssh_rsa_verify. Additionally I note in the
debug output that despite trying to set in sshd_config the variable
AuthorizedKeysFile /etc/ssh/authorized_keys that ssh -d -d -d output
does not show it checking that file at all. I had to move it to
/etc/ssh/ssh_known_hosts2 to get even this far.

-- 
	"Who needs horror movies when we have Microsoft"?
	 -- Christine Comaford, PC Week, 27/9/95


