hostbased failing and can't derive reason of failure in debugging output
Marc Owen
mowen at gmx.net
Mon Dec 8 16:31:30 EST 2003
On Sun, 7 Dec 2003 17:23:53 -0800 (PST)
Tim Rice <tim at multitalents.net> wrote:
> Add this to the end of your ssh_config
>
> Host *
> EnableSSHKeysign yes
>
Doesn't help. It doesn't continue for some reason, even with localhost. I
just made new hostkeys with ssh-keygen and appended the new DSA key to
ssh_known_hosts2, just to be on the sure side that the keys were matching.
They are: the current DSA key is the one in ssh_known_host2, and only SSH
protocol 2 has been enabled in the configuration files.
`ssh -vvv hostname` output:
[...]
debug1: Next authentication method: hostbased
debug2: userauth_hostbased: chost hostname.domainname.tld.
debug2: ssh_keysign called
debug3: ssh_msg_send: type 2
debug3: ssh_msg_recv entering
debug2: we sent a hostbased packet, wait for reply
debug1: Remote: Accepted for hostname.domainname.tld \
[::ffff:196.168.1.6] by /etc/ssh/shosts.equiv
debug1: Authentications that can continue: \
publickey,password,keyboard-interactive,hostbased
debug2: userauth_hostbased: chost hostname.domainname.tld.
debug2: ssh_keysign called
debug3: ssh_msg_send: type 2
debug3: ssh_msg_recv entering
debug2: we sent a hostbased packet, wait for reply
debug1: Remote: Accepted for hostname.domainname.tld \
[::ffff:196.168.1.6] by /etc/ssh/shosts.equiv
debug1: Authentications that can continue: \
publickey,password,keyboard-interactive,hostbased
debug1: No more client hostkeys for hostbased authentication.
debug2: we did not send a packet, disable method
[...]
The server side is pretty much like mentioned in my previous mail. I don't
know if the keys are not accepted or the client just ignores the
'Accepted for' bit (if that points out final hostbased access permission).
PS: ssh-keysign is setuid.
More information about the openssh-unix-dev
mailing list