OpenSSH_6.7p1 hostbased authentication failing on linux->linux connection. what's wrong with my config?

grantksupport at operamail.com
Sat Jan 10 03:05:07 AEDT 2015


I run OpenSSH on Linux

	@ client

		which ssh
			/usr/local/bin/ssh
		ssh -V
			OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014

	@ server

		which sshd
			/usr/local/bin/sshd
		sshd -V
			unknown option -- V
			OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014
			usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-c host_cert_file]
			            [-E log_file] [-f config_file] [-g login_grace_time]
			            [-h host_key_file] [-k key_gen_time] [-o option] [-p port]


I have configured for hostbased authentication

	client ssh_config
		...
		PreferredAuthentications           hostbased,publickey
		HostbasedAuthentication            yes
		PubkeyAuthentication               yes
		PasswordAuthentication             no
		...

	server sshd_config
		...
		AuthenticationMethods              hostbased,publickey
		HostbasedAuthentication            yes
		HostbasedUsesNameFromPacketOnly    yes
		PubkeyAuthentication               yes
		PasswordAuthentication             no
		...

on the server, because I'm not entirely sure where to put it yet

	echo "client.DOMAIN.COM" > /etc/shosts.equiv
	echo "client.DOMAIN.COM" > /usr/local/etc/shosts.equiv

when I try to connect

	ssh -vvv server.DOMAIN.COM

hostname auth fails

	...
	Permission denied (hostbased).

debug logs return

	client log
		...
		debug1: Authentications that can continue: hostbased
		debug3: start over, passed a different list hostbased
		debug3: preferred hostbased,publickey
		debug3: authmethod_lookup hostbased
		debug3: remaining preferred: publickey,password
		debug3: authmethod_is_enabled hostbased
		debug1: Next authentication method: hostbased
		debug2: userauth_hostbased: chost client.DOMAIN.COM.
		debug2: we sent a hostbased packet, wait for reply
		debug1: Authentications that can continue: hostbased
		debug2: userauth_hostbased: chost client.DOMAIN.COM.
		debug2: we sent a hostbased packet, wait for reply
		debug1: Authentications that can continue: hostbased
		debug2: userauth_hostbased: chost client.DOMAIN.COM.
		debug2: we sent a hostbased packet, wait for reply
		debug1: Authentications that can continue: hostbased
		debug2: userauth_hostbased: chost client.DOMAIN.COM.
		debug2: we sent a hostbased packet, wait for reply
		debug1: Authentications that can continue: hostbased
		debug1: No more client hostkeys for hostbased authentication.
		debug2: we did not send a packet, disable method
		debug1: No more authentication methods to try.
		Permission denied (hostbased).

	server log
		...
		Jan  9 07:37:31 server sshd[19835]: debug2: input_userauth_request: try method hostbased [preauth]
		Jan  9 07:37:31 server sshd[19835]: debug1: userauth_hostbased: cuser root chost client.DOMAIN.COM. pkalg ssh-ed25519 slen 83 [preauth]
		Jan  9 07:37:31 server sshd[19835]: debug3: mm_key_allowed entering [preauth]
		Jan  9 07:37:31 server sshd[19835]: debug3: mm_request_send entering: type 22 [preauth]
		Jan  9 07:37:31 server sshd[19835]: debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
		Jan  9 07:37:31 server sshd[19835]: debug3: mm_request_receive_expect entering: type 23 [preauth]
		Jan  9 07:37:31 server sshd[19835]: debug3: mm_request_receive entering [preauth]
		Jan  9 07:37:31 server sshd[19835]: debug3: mm_request_receive entering
		Jan  9 07:37:31 server sshd[19835]: debug3: monitor_read: checking request 22
		Jan  9 07:37:31 server sshd[19835]: debug3: mm_answer_keyallowed entering
		Jan  9 07:37:31 server sshd[19835]: debug3: mm_answer_keyallowed: key_from_blob: 0x7cd1262cbc76
		Jan  9 07:37:31 server sshd[19835]: debug2: userauth_hostbased: chost client.DOMAIN.COM. resolvedname xxxx:xxx:xxxx:xxx::10 ipaddr xxxx:xxx:xxxx:xxx::10
		Jan  9 07:37:31 server sshd[19835]: debug2: stripping trailing dot from chost client.DOMAIN.COM.
		Jan  9 07:37:31 server sshd[19835]: debug2: auth_rhosts2: clientuser root hostname client.DOMAIN.COM ipaddr client.DOMAIN.COM
		Jan  9 07:37:31 server sshd[19835]: debug1: temporarily_use_uid: 0/0 (e=0/0)
		Jan  9 07:37:31 server sshd[19835]: debug1: restore_uid: 0/0
		Jan  9 07:37:31 server sshd[19835]: debug1: temporarily_use_uid: 0/0 (e=0/0)
		Jan  9 07:37:31 server sshd[19835]: debug1: restore_uid: 0/0
		Jan  9 07:37:31 server sshd[19835]: Failed hostbased for root from xxxx:xxx:xxxx:xxx::10 port 40452 ssh2: ED25519 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx, client user "root", client host "client.DOMAIN.COM"
		Jan  9 07:37:31 server sshd[19835]: debug3: mm_answer_keyallowed: key 0x7cd1262cbc76 is not allowed
		Jan  9 07:37:31 server sshd[19835]: debug3: mm_request_send entering: type 23
		Jan  9 07:37:31 server sshd[19835]: debug2: userauth_hostbased: authenticated 0 [preauth]
		Jan  9 07:37:31 server sshd[19835]: debug3: userauth_finish: failure partial=0 next methods="hostbased" [preauth]
		...

I see that

	mm_answer_keyallowed: key 0x7cd1262cbc76 is not allowed

but am not clear what key that is.  grep'ing for '7cd1262cbc76' turns up nothing.

What's wrong or missing in my config?
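
Added example, not part of the original post or of OpenSSH: a shell audit of the server-side files that sshd's hostbased check depends on, namely `HostbasedAuthentication` in sshd_config, the client name in shosts.equiv, and the client's host key in ssh_known_hosts. The layout (one `CONF_DIR` holding all three files) and the function names are assumptions; per-user `~/.shosts`, `Match` blocks, hashed known_hosts entries and netgroup syntax are not handled.

```shell
#!/bin/sh
# Added example: audit server-side prerequisites for hostbased authentication.
# Assumption: CONF_DIR holds sshd_config, shosts.equiv and ssh_known_hosts;
# point it at the directory your sshd build actually reads.

# Print the effective value of a keyword (sshd uses the first occurrence).
sshd_opt() {  # sshd_opt FILE KEYWORD
    awk -v k="$2" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$1"
}

# True if HOST appears as a literal first field in an equiv file.
equiv_lists_host() {  # equiv_lists_host FILE HOST
    [ -r "$1" ] && awk -v h="$2" '!/^#/ && $1 == h { f = 1 } END { exit !f }' "$1"
}

# True if FILE has an unhashed known_hosts entry for HOST with key type TYPE.
known_hosts_has() {  # known_hosts_has FILE HOST TYPE
    [ -r "$1" ] && awk -v h="$2" -v t="$3" '
        !/^#/ && $2 == t { n = split($1, a, ","); for (i = 1; i <= n; i++) if (a[i] == h) f = 1 }
        END { exit !f }' "$1"
}

# Print each failed prerequisite; the return status is the number of failures.
check_hostbased_server() {  # check_hostbased_server CONF_DIR CLIENT_HOST KEYTYPE TARGET_UID
    dir=$1 host=${2%.} type=$3 uid=$4 fails=0   # sshd strips the trailing dot from chost
    [ "$(sshd_opt "$dir/sshd_config" HostbasedAuthentication)" = yes ] ||
        { echo "FAIL: HostbasedAuthentication is not yes"; fails=$((fails + 1)); }
    if [ "$uid" -eq 0 ]; then
        # sshd skips hosts.equiv/shosts.equiv when the target account is root;
        # only ~/.rhosts or ~/.shosts can authorize it, and only with IgnoreRhosts no.
        echo "FAIL: target uid 0: system equiv files are not consulted"; fails=$((fails + 1))
    elif ! equiv_lists_host "$dir/shosts.equiv" "$host"; then
        echo "FAIL: $host not listed in $dir/shosts.equiv"; fails=$((fails + 1))
    fi
    known_hosts_has "$dir/ssh_known_hosts" "$host" "$type" ||
        { echo "FAIL: no $type key for $host in $dir/ssh_known_hosts"; fails=$((fails + 1)); }
    return "$fails"
}
```

Call it as `check_hostbased_server /path/to/conf client.DOMAIN.COM. ssh-ed25519 "$(id -u targetuser)"`, taking the host name and key type from the `userauth_hostbased: ... chost ... pkalg ...` line in the server log.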

