Hostbased Authentication Question

Philippe Levan levan at
Sat Mar 1 13:47:03 EST 2003

Did you try with a different account ?

I believe root logins do not use (s)hosts.equiv but require
an explicit .[sr]hosts file (which, in turn, requires you to
set "IgnoreRhosts no").


Philippe Levan | Systems Engineering
levan at | epix Internet Services

On Fri, 28 Feb 2003, Jason P Holland wrote:

> Hi,
>   I am still working on getting hostbased authentication working in
> OpenSSH 3.5p1.  I emailed the user list, and got no response.  It seems so
> simple, yet I have continued to have problems getting it working properly.
> I've read posts about it on this list, and the openssh-unix-dev list, and
> nothing I have tried seems to work. My question is this, does it matter
> which key, either or or
>, you put in /etc/ssh/ssh_known_hosts???  I have tried
> all three, and continue to get this error from sshd -d -d -d
> debug1: userauth_hostbased: cuser root chost mckinley. pkalg ssh-dss slen
> 55
> debug3: mm_key_allowed entering
> debug3: mm_request_send entering: type 20
> debug3: monitor_read: checking request 20
> debug3: mm_answer_keyallowed entering
> debug3: mm_answer_keyallowed: key_from_blob: 0x80a4e88
> debug2: userauth_hostbased: chost mckinley. resolvedname mckinley ipaddr
> debug2: stripping trailing dot from chost mckinley.
> debug2: auth_rhosts2: clientuser root hostname mckinley ipaddr
> debug1: temporarily_use_uid: 0/0 (e=0/0)
> debug1: restore_uid: 0/0
> debug1: temporarily_use_uid: 0/0 (e=0/0)
> debug1: restore_uid: 0/0
> debug3: mm_answer_keyallowed: key 0x80a4e88 is disallowed
> debug3: mm_request_send entering: type 21
> debug3: mm_request_receive entering
> debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED
> debug3: mm_request_receive_expect entering: type 21
> debug3: mm_request_receive entering
> debug2: userauth_hostbased: authenticated 0
> notice the "key 0x80a4e88 is disallowed" line.  If I have all my host keys
> in /etc/ssh/ssh_known_hosts on the server I'm trying to connect to, it
> should allow me in.  Right?  I've tried all 3 at the same time, then
> seperately, and nothing.  I've also tried generating new keys, that didn't
> work either.
> Yes I have HostbasedAuthentication set to yes in /etc/ssh/sshd_config on
> the server i'm connecting to.
> I do have HostbasedAuthentication set to yes in /etc/ssh/ssh_config on the
> client i'm coming from.
> I also have an /etc/ssh/shosts.equiv file on the server.
> My DSN is setup correctly on both systems, there are no problems doing a
> reverse looking on either box.  I am using fully qualified hostnames, but
> I removed them from the debug output for security reasons.
> I have double checked my keys in /etc/ssh/ssh_known_hosts, they are not
> mangled.
> Is there anyone on this planet that actually has sshv2 hostbased
> authentication working in openssh 3.5?  I see numerous posts about it, and
> I cannot seem to get it working.
> Perhaps this should be in the FAQ?
> Can anyone help?  thanks
> Jason
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at

More information about the openssh-unix-dev mailing list