OpenSSH_6.7p1 hostbased authentication failing on linux->linux connection. what's wrong with my config?

Iain Morgan imorgan at nas.nasa.gov
Sat Jan 10 10:13:00 AEDT 2015


On Fri, Jan 09, 2015 at 14:42:59 -0800, grantksupport at operamail.com wrote:
> 
> 
> On Fri, Jan 9, 2015, at 02:26 PM, Iain Morgan wrote:
> > > 	server
> > > 
> > > 		ls -al /usr/local/libexec/ssh-keysign
> > > 			-rwsr-xr-x+ 1 root root 455K Oct 11 06:51 /usr/local/libexec/ssh-keysign*
> > > 
> > > 		ls -al /usr/local/etc/ssh/ssh.server.ed25519*
> > > 			-rw-------+ 1 root root 464 May 10  2014 /usr/local/etc/ssh/ssh.server.ed25519
> > > 			-rw-r--r--+ 1 root root 107 May 10  2014 /usr/local/etc/ssh/ssh.server.ed25519.pub
> > > 
> > 
> > Renaming the keys in your output only serves to complicate matters for
> > those who are taking time to try to help you.
> 
> How so?  What's being complicated?  I haven't renamed anything "in my output".
> 
> Those are the actual keynames, and locations, that I've been using for years, renewed, as you can see by the date, just last May

So, how many barrels do you have in that shotgun pointed at your foot?

It looks like you need to read the manual files. While the server
permits you to specify the names and locations of the host keys, the
client does NOT. The locations are hard-coded into ssh and ssh-keysign
at build time; using IdentityFile does not alter this.

As noted before, only hostbased authentication uses the client's host
keys, so renaming the keys would not have impacted other authentication
methods. 

-- 
Iain Morgan
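
An added example, not part of the original message: a shell check for the situation described above, where the client-side host keys carry names that ssh and ssh-keysign do not look for. The four default file names are OpenSSH's stock names and do not appear in the thread; the function name is hypothetical, and the configuration directory is an argument because it is fixed at build time.

```shell
#!/bin/sh
# Added example (not from the original thread).
# Assumption: these are OpenSSH's compiled-in default host key file names;
# they are looked up in the build-time configuration directory.
STANDARD_KEYS="ssh_host_rsa_key ssh_host_dsa_key ssh_host_ecdsa_key ssh_host_ed25519_key"

# Report which default-named host keys exist in DIR and which key pairs
# use other names. Returns 0 if at least one default-named private key
# is present, 1 otherwise.
keysign_hostkey_report() {
    dir=$1
    found=0
    for name in $STANDARD_KEYS; do
        if [ -f "$dir/$name" ]; then
            echo "present $name"
            found=1
        else
            echo "missing $name"
        fi
    done
    # Heuristic: treat any file with a matching .pub sibling as a private key.
    for pub in "$dir"/*.pub; do
        [ -f "$pub" ] || continue
        priv=${pub%.pub}
        base=${priv##*/}
        [ -f "$priv" ] || continue
        case " $STANDARD_KEYS " in
            *" $base "*) ;;
            *) echo "nonstandard $base" ;;
        esac
    done
    [ "$found" -eq 1 ]
}

# Usage: sh check_hostkeys.sh <ssh configuration directory>
if [ "$#" -gt 0 ]; then
    keysign_hostkey_report "$1" || echo "no default-named host key in $1"
fi
```

A "nonstandard" line with no "present" line matches the case in this thread: sshd can be pointed at such keys, but hostbased authentication on the client side has no key to sign with.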

