Hosting Provided By

Hostbased Authentication Question

From: Jason P Holland <jholland(at)cs.selu.edu>
Date: Thu Feb 27 2003 - 16:56:26 EST

Hi,
I am still working on getting hostbased authentication working in OpenSSH 3.5p1. It seems so simple, yet I have continued to have problems getting it working properly. I've read posts about it on this list, and the openssh-unix-dev list, and nothing I have tried seems to work. My question is this, does it matter which key, either ssh_host_key.pub or ssh_host_rsa_key.pub or ssh_host_dsa_key.pub, you put in /etc/ssh/ssh_known_hosts??? I have tried all three, and continue to get this error from sshd -d -d -d

debug1: userauth_hostbased: cuser root chost mckinley. pkalg ssh-dss slen 55

debug3: mm_key_allowed entering
debug3: mm_request_send entering: type 20
debug3: monitor_read: checking request 20
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0x80a4e88
debug2: userauth_hostbased: chost mckinley. resolvedname mckinley ipaddr

192.168.10.1
debug2: stripping trailing dot from chost mckinley. debug2: auth_rhosts2: clientuser root hostname mckinley ipaddr 192.168.10.1

debug1: temporarily_use_uid: 0/0 (e=0/0)
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 0/0 (e=0/0)
debug1: restore_uid: 0/0
debug3: mm_answer_keyallowed: key 0x80a4e88 is disallowed
debug3: mm_request_send entering: type 21
debug3: mm_request_receive entering
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED
debug3: mm_request_receive_expect entering: type 21
debug3: mm_request_receive entering
debug2: userauth_hostbased: authenticated 0

notice the "key 0x80a4e88 is disallowed" line. If I have all my host keys in /etc/ssh/ssh_known_hosts on the server I'm trying to connect to, it should allow me in. Right? I've tried all 3 at the same time, then seperately, and nothing. I've also tried generating new keys, that didn't work either.

Yes I have HostbasedAuthentication set to yes in /etc/ssh/sshd_config on the server i'm connecting to.

I do have HostbasedAuthentication set to yes in /etc/ssh/ssh_config on the client i'm coming from.

I also have an /etc/ssh/shosts.equiv file on the server.

My DSN is setup correctly on both systems, there are no problems doing a reverse looking on either box. I am using fully qualified hostnames, but I removed them from the debug output for security reasons.

Do you need help?

I have double checked my keys in /etc/ssh/ssh_known_hosts, they are not mangled.

Is there anyone on this planet that actually has sshv2 hostbased authentication working in openssh 3.5? I see numerous posts about it, and I cannot seem to get it working.

Perhaps this should be in the FAQ?

Can anyone help? thanks

Jason Received on Thu Feb 27 19:41:27 2003

This message: [ Message body ]
Next message: Cl. Yuri Huitron Alvarado: "Can't transfer files via scp because it returns : "File transfer server could not be started or it exited unexpectedly""
Previous message: Clary, Steve: "Key Exchange Failed (error message)"
Next in thread: Markus Friedl: "Re: Hostbased Authentication Question"
Reply: Markus Friedl: "Re: Hostbased Authentication Question"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:55 EDT