Hostbased Authentication Question

Jason P Holland jholland at
Sat Mar 1 06:42:22 EST 2003

  I am still working on getting hostbased authentication working in
OpenSSH 3.5p1.  I emailed the user list, and got no response.  It seems so
simple, yet I have continued to have problems getting it working properly.  
I've read posts about it on this list, and the openssh-unix-dev list, and
nothing I have tried seems to work. My question is this, does it matter
which key, either or or, you put in /etc/ssh/ssh_known_hosts???  I have tried
all three, and continue to get this error from sshd -d -d -d

debug1: userauth_hostbased: cuser root chost mckinley. pkalg ssh-dss slen 
debug3: mm_key_allowed entering
debug3: mm_request_send entering: type 20
debug3: monitor_read: checking request 20
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0x80a4e88
debug2: userauth_hostbased: chost mckinley. resolvedname mckinley ipaddr
debug2: stripping trailing dot from chost mckinley.
debug2: auth_rhosts2: clientuser root hostname mckinley ipaddr
debug1: temporarily_use_uid: 0/0 (e=0/0)
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 0/0 (e=0/0)
debug1: restore_uid: 0/0
debug3: mm_answer_keyallowed: key 0x80a4e88 is disallowed
debug3: mm_request_send entering: type 21
debug3: mm_request_receive entering
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED
debug3: mm_request_receive_expect entering: type 21
debug3: mm_request_receive entering
debug2: userauth_hostbased: authenticated 0

notice the "key 0x80a4e88 is disallowed" line.  If I have all my host keys
in /etc/ssh/ssh_known_hosts on the server I'm trying to connect to, it
should allow me in.  Right?  I've tried all 3 at the same time, then 
seperately, and nothing.  I've also tried generating new keys, that didn't 
work either.

Yes I have HostbasedAuthentication set to yes in /etc/ssh/sshd_config on 
the server i'm connecting to.

I do have HostbasedAuthentication set to yes in /etc/ssh/ssh_config on the 
client i'm coming from.

I also have an /etc/ssh/shosts.equiv file on the server.

My DSN is setup correctly on both systems, there are no problems doing a 
reverse looking on either box.  I am using fully qualified hostnames, but 
I removed them from the debug output for security reasons.

I have double checked my keys in /etc/ssh/ssh_known_hosts, they are not 

Is there anyone on this planet that actually has sshv2 hostbased
authentication working in openssh 3.5?  I see numerous posts about it, and
I cannot seem to get it working.

Perhaps this should be in the FAQ?

Can anyone help?  thanks


More information about the openssh-unix-dev mailing list