hostbased authentication of hostcertificate
kai_yang2008
kai_yang2008 at 163.com
Wed May 26 19:42:04 EST 2010
Dear All,
I am trying to use the hostcertificate to do hostbased authentication with the steps in regress/cert-hostkey.sh.
But it seems that it cannot log in with the hostcertificate.
Here is the debug message from the ssh client:
ssh -2 -oUserKnownHostsFile=/opt/ssh/etc/known_hosts-cert \
> -oGlobalKnownHostsFile=/opt/ssh/etc/known_hosts-cert sshia3 -p 1111 -vvv
debug1: checking without port identifier
debug3: check_host_in_hostfile: host sshia3 filename /opt/ssh/etc/known_hosts-cert
debug3: check_host_in_hostfile: host sshia3 filename /opt/ssh/etc/known_hosts-cert
debug3: check_host_in_hostfile: CA match line 1
debug1: Host 'sshia3' is known and matches the RSA-CERT host certificate.
debug1: Found certificate in /opt/ssh/etc/known_hosts-cert:1
debug1: found matching key w/out port
debug2: bits set: 503/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /.ssh/id_rsa (40057810)
debug2: key: /.ssh/id_dsa (0)
debug3: input_userauth_banner
debug1: Authentications that can continue: password,keyboard-interactive,hostbased
debug3: start over, passed a different list password,keyboard-interactive,hostbased
debug3: preferred hostbased,publickey,keyboard-interactive,password
debug3: authmethod_lookup hostbased
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled hostbased
debug1: Next authentication method: hostbased
debug2: userauth_hostbased: chost sshia3
debug2: we sent a hostbased packet, wait for reply
debug1: Authentications that can continue: password,keyboard-interactive,hostbased
debug2: userauth_hostbased: chost sshia3
debug2: we sent a hostbased packet, wait for reply
debug1: Authentications that can continue: password,keyboard-interactive,hostbased
debug1: No more client hostkeys for hostbased authentication.
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
And here is the debug message of ssh server:
...................
debug2: check_key_in_hostfiles: key not found for sshia3
Failed hostbased for root from fe80::217:8ff:fe7c:d9f4 port 57500 ssh2
debug1: Entering record_failed_login uid 0
debug1: audit event euid 0 user root event 7 (AUTH_FAIL_HOSTBASED)
...........................
So does anyone have some idea about this? Please cc me. Thanks!
Best regards,
Kevin