Hostbased Authentication Question

Philippe Levan levan at epix.net
Sat Mar 1 13:47:03 EST 2003


Did you try with a different account ?

I believe root logins do not use (s)hosts.equiv but require
an explicit .[sr]hosts file (which, in turn, requires you to
set "IgnoreRhosts no").

			Philippe.

---
Philippe Levan | Systems Engineering
levan at epix.net | epix Internet Services

On Fri, 28 Feb 2003, Jason P Holland wrote:

> Hi,
>   I am still working on getting hostbased authentication working in
> OpenSSH 3.5p1.  I emailed the user list, and got no response.  It seems so
> simple, yet I have continued to have problems getting it working properly.
> I've read posts about it on this list, and the openssh-unix-dev list, and
> nothing I have tried seems to work. My question is this, does it matter
> which key, either ssh_host_key.pub or ssh_host_rsa_key.pub or
> ssh_host_dsa_key.pub, you put in /etc/ssh/ssh_known_hosts???  I have tried
> all three, and continue to get this error from sshd -d -d -d
>
> debug1: userauth_hostbased: cuser root chost mckinley. pkalg ssh-dss slen
> 55
> debug3: mm_key_allowed entering
> debug3: mm_request_send entering: type 20
> debug3: monitor_read: checking request 20
> debug3: mm_answer_keyallowed entering
> debug3: mm_answer_keyallowed: key_from_blob: 0x80a4e88
> debug2: userauth_hostbased: chost mckinley. resolvedname mckinley ipaddr
> 192.168.10.1
> debug2: stripping trailing dot from chost mckinley.
> debug2: auth_rhosts2: clientuser root hostname mckinley ipaddr
> 192.168.10.1
> debug1: temporarily_use_uid: 0/0 (e=0/0)
> debug1: restore_uid: 0/0
> debug1: temporarily_use_uid: 0/0 (e=0/0)
> debug1: restore_uid: 0/0
> debug3: mm_answer_keyallowed: key 0x80a4e88 is disallowed
> debug3: mm_request_send entering: type 21
> debug3: mm_request_receive entering
> debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED
> debug3: mm_request_receive_expect entering: type 21
> debug3: mm_request_receive entering
> debug2: userauth_hostbased: authenticated 0
>
> notice the "key 0x80a4e88 is disallowed" line.  If I have all my host keys
> in /etc/ssh/ssh_known_hosts on the server I'm trying to connect to, it
> should allow me in.  Right?  I've tried all 3 at the same time, then
> seperately, and nothing.  I've also tried generating new keys, that didn't
> work either.
>
> Yes I have HostbasedAuthentication set to yes in /etc/ssh/sshd_config on
> the server i'm connecting to.
>
> I do have HostbasedAuthentication set to yes in /etc/ssh/ssh_config on the
> client i'm coming from.
>
> I also have an /etc/ssh/shosts.equiv file on the server.
>
> My DSN is setup correctly on both systems, there are no problems doing a
> reverse looking on either box.  I am using fully qualified hostnames, but
> I removed them from the debug output for security reasons.
>
> I have double checked my keys in /etc/ssh/ssh_known_hosts, they are not
> mangled.
>
> Is there anyone on this planet that actually has sshv2 hostbased
> authentication working in openssh 3.5?  I see numerous posts about it, and
> I cannot seem to get it working.
>
> Perhaps this should be in the FAQ?
>
> Can anyone help?  thanks
>
> Jason
>
>
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>




More information about the openssh-unix-dev mailing list