hosts.equiv (fwd)

James Rippas jrippas at mizuhocap.com
Thu May 24 05:09:17 EST 2001 

Hi,

I'm trying to use it with HostbasedAuth in 2.9p1 and it appears to be
broken.  I am able to connect using HostbasedAuth and rhost/shosts but
when I change IgnoreRhosts to yes I'm unable to connect using
/etc/shosts.equiv.

Both hosts are Solaris 8.

HostKey /etc/ssh_host_key
HostKey /etc/ssh_host_dsa_key
HostKey /etc/ssh_host_rsa_key
ServerKeyBits 768
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin without-password
StrictModes yes
IgnoreRhosts yes
IgnoreUserKnownHosts no
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
KeepAlive yes
SyslogFacility AUTH
LogLevel INFO
HostbasedAuthentication yes
RhostsRSAAuthentication yes
RhostsAuthentication no
PasswordAuthentication yes
PermitEmptyPasswords no

ssh -v keymaster ls
OpenSSH_2.9p1, SSH protocols 1.5/2.0, OpenSSL 0x0090600f
debug1: Reading configuration data //.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: Seeding random number generator
debug1: restore_uid
debug1: ssh_connect: getuid 0 geteuid 0 anon 0
debug1: Connecting to keymaster [192.168.60.28] port 22.
debug1: Allocated local port 697.
debug1: temporarily_use_uid: 0/1 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file //.ssh/identity type -1
debug1: identity file //.ssh/id_rsa type -1
debug1: identity file //.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version
OpenSSH_2.9p1
debug1: match: OpenSSH_2.9p1 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_2.9p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 136/256
debug1: bits set: 985/2049
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'keymaster' is known and matches the RSA host key.
debug1: Found key in /etc/ssh_known_hosts2:1
debug1: bits set: 1026/2049
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue:
publickey,password,keyboard-interactive,hostbased
debug1: next auth method to try is publickey
debug1: try privkey: //.ssh/identity
debug1: try privkey: //.ssh/id_rsa
debug1: try privkey: //.ssh/id_dsa
debug1: next auth method to try is hostbased
debug1: sig size 20 20
debug1: Remote: Server has been configured to ignore .shosts.
debug1: Remote: Server has been configured to ignore .rhosts.
debug1: authentications that can continue:
publickey,password,keyboard-interactive,hostbased
debug1: Remote: Server has been configured to ignore .shosts.
debug1: Remote: Server has been configured to ignore .rhosts.
debug1: authentications that can continue:
publickey,password,keyboard-interactive,hostbased
debug1: no more auth methods to try
Permission denied (publickey,password,keyboard-interactive,hostbased).
debug1: Calling cleanup 0x4912c(0x0)








Markus Friedl wrote:
> 
> is anyone using rhost-rsa + hosts.equiv? is it broken?
> 
>   ------------------------------------------------------------------------
>    Part 1.2Type: message/rfc822
-------------- next part --------------
---------------------------------------------------------

This e-mail contains information some or all of which may be
confidential, proprietary and/or legally privileged.  If an addressing
or transmission error has misdirected this e-mail, please notify the
sender by replying to this e-mail.  If you are not the intended
recipient you must not use, disclose, distribute, copy, print or rely on
this e-mail.

---------------------------------------------------------

More information about the openssh-unix-dev mailing list