openssh 3.5p1 hostbased authentication
Jason P Holland
jholland at cs.selu.edu
Thu Feb 6 04:49:39 EST 2003
hello,
i did some debugging today, here is the weird portion from sshd -d -d -d
debug1: userauth-request for user jholland service ssh-connection method hostbased
debug1: attempt 1 failures 1
debug2: input_userauth_request: try method hostbased
debug1: userauth_hostbased: cuser jholland chost i2-0. pkalg ssh-dss slen 55
debug3: mm_key_allowed entering
debug3: mm_request_send entering: type 20
debug3: monitor_read: checking request 20
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0x6000000000022cd0
debug2: userauth_hostbased: chost i2-0. resolvedname i2-0 ipaddr 192.168.100.10
debug2: stripping trailing dot from chost i2-0.
debug2: auth_rhosts2: clientuser jholland hostname i2-0 ipaddr 192.168.100.10
debug1: temporarily_use_uid: 500/100 (e=0/0)
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED
debug3: mm_request_receive_expect entering: type 21
debug3: mm_request_receive entering
debug1: restore_uid: 0/0
debug2: userauth_hostbased: access allowed by auth_rhosts2
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug3: key_read: type mismatch
debug1: temporarily_use_uid: 500/100 (e=0/0)
debug3: check_host_in_hostfile: filename /home/jholland/.ssh/known_hosts
debug3: key_read: type mismatch
debug1: restore_uid: 0/0
debug2: check_key_in_hostfiles: key not found for i2-0
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts2
debug1: temporarily_use_uid: 500/100 (e=0/0)
debug3: check_host_in_hostfile: filename /home/jholland/.ssh/known_hosts2
debug1: restore_uid: 0/0
debug2: check_key_in_hostfiles: key not found for i2-0
debug3: mm_answer_keyallowed: key 0x6000000000022cd0 is disallowed
debug3: mm_append_debug: Appending debug messages for child
debug3: mm_request_send entering: type 21
debug3: mm_request_receive entering
debug3: mm_send_debug: Sending debug: Accepted for i2-0 [192.168.100.10] by /etc/hosts.equiv.
debug2: userauth_hostbased: authenticated 0
Failed hostbased for jholland from 192.168.100.10 port 32965 ssh2
what in the world is the "key_read: type mismatch" all about? I'm using
rsa pub key in my ssh_known_hosts file.
can someone help me out? thanks
jason
>
> hello all,
> i know this question has been asked before, i have read the posts, but i
> just cannot figure out how to get hostbased authentication working. i am
> running openssh 3.5p1 on some redhat advanced workstation 2.1 for ia64
> architecture systems. i have enabled HostbasedAuthentication in both my
> /etc/ssh/ssh_config file and /etc/ssh/sshd_config file. I have all my
> known hosts listed in /etc/ssh/ssh_known_hosts. I also have my
> /etc/ssh/shosts.equiv file setup as well. However, after all that, i'm
> still prompted for a password.
>
> [root at i2-1 ssh]# ssh -v -v i2-0
> OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug1: Rhosts Authentication disabled, originating port will not be
> trusted.
> debug1: ssh_connect: needpriv 0
> debug1: Connecting to i2-0 [192.168.100.10] port 22.
> debug1: Connection established.
> debug1: read PEM private key done: type DSA
> debug1: read PEM private key done: type RSA
> debug1: identity file /root/.ssh/identity type -1
> debug1: identity file /root/.ssh/id_rsa type -1
> debug2: key_type_from_name: unknown key type '-----BEGIN'
> debug2: key_type_from_name: unknown key type '-----END'
> debug1: identity file /root/.ssh/id_dsa type 2
> debug1: Remote protocol version 1.99, remote software version
> OpenSSH_3.5p1
> debug1: match: OpenSSH_3.5p1 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_3.5p1
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug2: kex_parse_kexinit:
> diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: kex_parse_kexinit:
> diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: mac_init: found hmac-md5
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug2: mac_init: found hmac-md5
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: dh_gen_key: priv key bits set: 137/256
> debug1: bits set: 1614/3191
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Host 'i2-0' is known and matches the RSA host key.
> debug1: Found key in /etc/ssh/ssh_known_hosts:1
> debug1: bits set: 1587/3191
> debug1: ssh_rsa_verify: signature correct
> debug1: kex_derive_keys
> debug1: newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: waiting for SSH2_MSG_NEWKEYS
> debug1: newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: done: ssh_kex2.
> debug1: send SSH2_MSG_SERVICE_REQUEST
> debug1: service_accept: ssh-userauth
> debug1: got SSH2_MSG_SERVICE_ACCEPT
> debug1: authentications that can continue:
> publickey,password,keyboard-interactive,hostbased
> debug1: next auth method to try is hostbased
> debug2: userauth_hostbased: chost i2-1.
> debug2: we sent a hostbased packet, wait for reply
> debug1: authentications that can continue:
> publickey,password,keyboard-interactive,hostbased
> debug2: userauth_hostbased: chost i2-1.
> debug2: we sent a hostbased packet, wait for reply
> debug1: authentications that can continue:
> publickey,password,keyboard-interactive,hostbased
> debug1: userauth_hostbased: no more client hostkeys
> debug2: we did not send a packet, disable method
> debug1: next auth method to try is publickey
> debug1: try privkey: /root/.ssh/identity
> debug1: try privkey: /root/.ssh/id_rsa
> debug1: try pubkey: /root/.ssh/id_dsa
> debug2: we sent a publickey packet, wait for reply
> debug1: authentications that can continue:
> publickey,password,keyboard-interactive,hostbased
> debug2: we did not send a packet, disable method
> debug1: next auth method to try is keyboard-interactive
> debug2: userauth_kbdint
> debug2: we sent a keyboard-interactive packet, wait for reply
> debug1: authentications that can continue:
> publickey,password,keyboard-interactive,hostbased
> debug2: we did not send a packet, disable method
> debug1: next auth method to try is password
> root at i2-0's password:
>
>
> seems like it is stuck waiting for a hostbased packet reply, but never
> gets it. i have no clue where to go from here. there are no firewalls on
> these machines either. and i have tried privileged and unpriv ports.
> any help would be greatly appreciated. thanks!
>
> Jason
>
> ps please cc me, i'm not subscribed to the list, thanks
>
>
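
In the sshd output above, the client offers an ssh-dss host key (`pkalg ssh-dss`) and each known-hosts file that holds an entry logs `key_read: type mismatch` before "key not found for i2-0". The following is an added example, not part of the original post or of OpenSSH, that compares the key type offered in such a log with the types listed for that host; the known_hosts content, its placeholder key blobs, the 192.168.100.11 address and all function names are constructed for illustration.

```python
import re

# Lines copied from the sshd -d -d -d output above (re-joined after mail wrapping).
SSHD_LOG = """\
debug1: userauth_hostbased: cuser jholland chost i2-0. pkalg ssh-dss slen 55
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug3: key_read: type mismatch
"""

# Constructed known_hosts content: RSA entries only; key blobs are placeholders.
KNOWN_HOSTS = """\
# constructed sample
i2-0,192.168.100.10 ssh-rsa AAAAB3NzaC1yc2E_PLACEHOLDER
i2-1,192.168.100.11 ssh-rsa AAAAB3NzaC1yc2E_PLACEHOLDER
"""

OFFER_RE = re.compile(r"userauth_hostbased: cuser (\S+) chost (\S+) pkalg (\S+)")

def offered_keys(log_text):
    """Return (client_user, client_host, key_algorithm) for each hostbased attempt."""
    offers = []
    for user, chost, pkalg in OFFER_RE.findall(log_text):
        # sshd strips the trailing dot from chost before the lookup, so do the same.
        offers.append((user, chost.rstrip("."), pkalg))
    return offers

def known_host_types(known_hosts_text, host):
    """Return the set of key types listed for host (plain, unhashed entries only)."""
    types = set()
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@", "|")):
            continue  # blank, comment, marker or hashed entry
        if host in fields[0].split(","):
            # Protocol 1 entries are "host bits exponent modulus" with no type name.
            types.add("rsa1" if fields[1].isdigit() else fields[1])
    return types

def diagnose(log_text, known_hosts_text):
    """For each attempt, report whether the offered key type is listed for that host."""
    report = []
    for _user, host, pkalg in offered_keys(log_text):
        listed = known_host_types(known_hosts_text, host)
        report.append({"host": host, "offered": pkalg,
                       "listed": sorted(listed), "match": pkalg in listed})
    return report

if __name__ == "__main__":
    for row in diagnose(SSHD_LOG, KNOWN_HOSTS):
        print(row)
```

A row with `match` false means the server's known-hosts data has no key of the offered type for that client host, which is the condition the `check_key_in_hostfiles: key not found` line reports.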