
Re: I am having serious difficulty getting host based authenication working with ssh

From: Roger <securityfocus(at)north-row.com>
Date: Sat Mar 01 2003 - 08:48:23 EST

Hi Brett,

What I would do in this situation is go back to first principles and start simply. How about trying to get it to work from localhost to localhost and then think about host to host?

I have Mandrake 9.1RC1. To test host-based auth (after installing the relevant packages and starting sshd which created the host keys for me), I did the following:

[root@mandrake root]# echo "localhost root" > ~/.shosts && chmod 0400 ~/.shosts
[root@mandrake root]# echo "IgnoreRhosts no
HostbasedAuthentication yes" >> /etc/ssh/sshd_config
[root@mandrake root]# echo "HostbasedAuthentication yes" >> /etc/ssh/ssh_config
[root@mandrake root]# service sshd restart
[root@mandrake root]# ssh localhost
Last login: Sat Mar 1 13:23:21 2003 from localhost
[root@mandrake root]#

So now I can log in locally using host-based authentication. Next I introduced another machine, the server I was going to ssh into using host-based auth. This is a RedHat 8 server.

RedHat servers tend to come with sshd already up and running by default. This was my plan of action:


[root@mandrake root]# scp /etc/ssh/ssh_host_dsa_key.pub redhat:/etc/ssh/ssh_known_hosts
Warning: Permanently added 'redhat,192.168.0.1' (DSA) to the list of known hosts.
root@redhat's password:

ssh_host_dsa_key.pub 100% |*****************************|   590       00:00
[root@mandrake root]# echo "192.168.0.2	mandrake" >> /etc/hosts # need to reverse map the ip
[root@mandrake ssh]# ssh redhat
root@redhat's password:
Last login: Sat Mar 1 12:54:33 2003 from mandrake
[root@redhat root]# ex -c "s/^/mandrake /|x" /etc/ssh/ssh_known_hosts # need to add the hostname to the key
[root@redhat root]# echo "192.168.0.2 mandrake" >> /etc/hosts # need to reverse map the ip
[root@redhat root]# echo "mandrake root" > ~/.shosts && chmod 0400 ~/.shosts
[root@redhat root]# echo "IgnoreRhosts no
HostbasedAuthentication yes" >> /etc/ssh/sshd_config
[root@redhat root]# echo "HostbasedAuthentication yes" >> /etc/ssh/ssh_config
[root@redhat root]# service sshd restart
[root@redhat root]# exit
Connection to redhat closed.
[root@mandrake root]# ssh redhat
Last login: Sat Mar 1 13:04:15 2003 from mandrake
[root@redhat root]#

So now I can log into a remote machine using host-based auth. I hope some of this helps you in your quest to get host-based auth working.

Regards,

Roger

Miller Brett wrote:
> Please help (I will give you my first born child!! :) ),
<snip>

Received on Sat Mar 1 11:53:19 2003
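
Added example, not part of Roger's post and not OpenSSH code: ssh and sshd both keep the first value they read for a keyword, so the lines the procedure appends with >> only take effect when the keyword is not already set earlier in the file. The script below checks that, the "Keyword value" line shape, and the .shosts mode; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. OpenSSH keeps the FIRST value it
# reads for a keyword, so a line appended with >> loses to an earlier setting.

# effective_value FILE KEYWORD: print the first uncommented value, lowercased.
# Prints "malformed" when the line is not exactly "Keyword value".
# Simplification (assumption): stops at the first Match block, ignores Host scoping.
effective_value() {
    awk -v kw="$2" '
        { sub(/#.*/, "") }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(kw) {
            if (NF == 2) print tolower($2); else print "malformed"
            exit
        }' "$1"
}

# check FILE KEYWORD WANTED: report and count a mismatch.
check() {
    got=$(effective_value "$1" "$2")
    [ "$got" = "$3" ] && return 0
    echo "FAIL $1: $2 is '${got:-unset}', want '$3'"
    problems=$((problems + 1))
}

# audit_hostbased SSHD_CONFIG SSH_CONFIG SHOSTS: return the number of problems.
audit_hostbased() {
    problems=0
    check "$1" IgnoreRhosts no
    check "$1" HostbasedAuthentication yes
    check "$2" HostbasedAuthentication yes
    # With StrictModes on (the default), sshd rejects a .shosts writable by group or others.
    if [ -n "$(find "$3" \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]; then
        echo "FAIL $3: writable by group or others"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample: a stock file sets the keyword first, then the appended lines.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf 'HostbasedAuthentication no\nIgnoreRhosts no\nHostbasedAuthentication yes\n' \
    > "$demo/sshd_config"
printf 'Host *\n    HostbasedAuthentication yes\n' > "$demo/ssh_config"
printf 'mandrake root\n' > "$demo/shosts"
chmod 0400 "$demo/shosts"
audit_hostbased "$demo/sshd_config" "$demo/ssh_config" "$demo/shosts" ||
    echo "problems found: $?"
```

On a real host, pass /etc/ssh/sshd_config, /etc/ssh/ssh_config and ~/.shosts; current OpenSSH releases can also print the server's effective settings with sshd -T.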

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:55 EDT