hostbased failing and can't derive reason of failure in debugging output

Marc Owen mowen at gmx.net
Mon Dec 8 16:31:30 EST 2003


On Sun, 7 Dec 2003 17:23:53 -0800 (PST)
Tim Rice <tim at multitalents.net> wrote:

> Add this to the end of your ssh_config
> 
> Host *
>   EnableSSHKeysign yes
> 

Doesn't help. It doesn't continue for some reason, even with localhost. I
just made new hostkeys with ssh-keygen and appended the new DSA key to
ssh_known_hosts2, just to be on the sure side that the keys were matching.
They are: the current DSA key is the one in ssh_known_hosts2, and only SSH
protocol 2 has been enabled in the configuration files.


`ssh -vvv hostname` output:

[...]
debug1: Next authentication method: hostbased

debug2: userauth_hostbased: chost hostname.domainname.tld.
debug2: ssh_keysign called
debug3: ssh_msg_send: type 2
debug3: ssh_msg_recv entering
debug2: we sent a hostbased packet, wait for reply
debug1: Remote: Accepted for hostname.domainname.tld \
  [::ffff:196.168.1.6] by /etc/ssh/shosts.equiv
debug1: Authentications that can continue: \
  publickey,password,keyboard-interactive,hostbased

debug2: userauth_hostbased: chost hostname.domainname.tld.
debug2: ssh_keysign called
debug3: ssh_msg_send: type 2
debug3: ssh_msg_recv entering
debug2: we sent a hostbased packet, wait for reply
debug1: Remote: Accepted for hostname.domainname.tld \
  [::ffff:196.168.1.6] by /etc/ssh/shosts.equiv
debug1: Authentications that can continue: \
  publickey,password,keyboard-interactive,hostbased

debug1: No more client hostkeys for hostbased authentication.
debug2: we did not send a packet, disable method
[...]


The server side is pretty much like mentioned in my previous mail. I don't
know if the keys are not accepted or the client just ignores the
'Accepted for' bit (if that points out final hostbased access permission).


PS: ssh-keysign is setuid.
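
Added example, not part of the original post: a small Python parser that summarises the hostbased attempts in the client debug output quoted above. It relies on two facts about the OpenSSH client: "Remote:" lines are debug messages sent by the server, and "Authentications that can continue" is printed when the server answers with SSH_MSG_USERAUTH_FAILURE. The function and field names are hypothetical.

```python
import re

# Client debug lines as quoted in the post (raw string keeps the "\" wraps).
SAMPLE = r"""
debug1: Next authentication method: hostbased
debug2: userauth_hostbased: chost hostname.domainname.tld.
debug2: ssh_keysign called
debug2: we sent a hostbased packet, wait for reply
debug1: Remote: Accepted for hostname.domainname.tld \
  [::ffff:196.168.1.6] by /etc/ssh/shosts.equiv
debug1: Authentications that can continue: \
  publickey,password,keyboard-interactive,hostbased
debug2: userauth_hostbased: chost hostname.domainname.tld.
debug2: ssh_keysign called
debug2: we sent a hostbased packet, wait for reply
debug1: Remote: Accepted for hostname.domainname.tld \
  [::ffff:196.168.1.6] by /etc/ssh/shosts.equiv
debug1: Authentications that can continue: \
  publickey,password,keyboard-interactive,hostbased
debug1: No more client hostkeys for hostbased authentication.
debug2: we did not send a packet, disable method
"""

def summarize_hostbased(log):
    """Return (attempts, keys_exhausted) for hostbased auth in a client -vvv log."""
    log = re.sub(r"\\\s*\n\s*", " ", log)  # rejoin "\"-wrapped lines
    attempts, exhausted, cur = [], False, None
    for line in log.splitlines():
        if m := re.search(r"userauth_hostbased: chost (\S+)", line):
            cur = dict(chost=m.group(1), sent=False, accepted_by=None,
                       failure_reply=False, still_offered=False)
            attempts.append(cur)
        elif "No more client hostkeys" in line:
            exhausted, cur = True, None
        elif cur is None:
            continue
        elif "we sent a hostbased packet" in line:
            cur["sent"] = True
        elif m := re.search(r"Remote: Accepted for \S+\s+\[[^\]]*\] by (\S+)", line):
            cur["accepted_by"] = m.group(1)  # server debug message, not a verdict
        elif "Authentications that can continue:" in line:
            # Printed on SSH_MSG_USERAUTH_FAILURE: this attempt was rejected.
            cur["failure_reply"] = True
            cur["still_offered"] = "hostbased" in line.split("continue:", 1)[1]
    return attempts, exhausted

if __name__ == "__main__":
    for i, a in enumerate(summarize_hostbased(SAMPLE)[0], 1):
        print(i, a)
```

On the quoted log this reports two attempts, each one sent, matched by /etc/ssh/shosts.equiv and then answered with a failure reply. SSH_MSG_USERAUTH_FAILURE carries no reason, so the cause of each rejection has to be read from the server's own debug log.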




More information about the openssh-unix-dev mailing list