
Re: RhostsAuthentication under AIX 4.3.3

From: Max Gregis <mgregis(at)sorint.it>
Date: Mon Mar 24 2003 - 04:03:34 EST

Friday, March 21, 2003, 1:00:23 PM, you wrote:

Hi Alf,

This is Max from Milan, Italy.

I've compiled OpenSSH 3.5p1 on the Sparc Solaris platform (Solaris 8 is my OS) and it runs well.
Before this, I've compiled Zlibs and openssl. I've made:

Create SSHD user:

# mkdir /var/empty

I've compiled ssh with the following options (my compiler is GCC 3.x):


# CFLAGS="-O -s" ./configure --prefix=/usr/local --sysconfdir=/usr/local/etc --with-ipv4-default \
    --with-xauth=/usr/openwin/bin/xauth --with-md5-passwords --enable-suid-ssh --with-pam --without-rsh

.
.
.
OpenSSH has been configured with the following options:
                     User binaries: /usr/local/bin
                   System binaries: /usr/local/sbin
               Configuration files: /usr/local/etc
                   Askpass program: /usr/local/libexec/ssh-askpass
                      Manual pages: /usr/local/man/manX
                          PID file: /var/run
  Privilege separation chroot path: /var/empty
            sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
                    Manpage format: man
                       PAM support: yes
                KerberosIV support: no
                 KerberosV support: no
                 Smartcard support: no
                       AFS support: no
                     S/KEY support: no
              TCP Wrappers support: no
              MD5 password support: yes
       IP address in $DISPLAY hack: no
          Use IPv4 by default hack: yes
           Translate v4 in v6 hack: no
                  BSD Auth support: no
              Random number source: ssh-rand-helper

              Host: sparc-sun-solaris2.8
          Compiler: gcc
    Compiler flags: -O -s -Wall -Wpointer-arith -Wno-uninitialized
Preprocessor flags:  -I/usr/local/include
      Linker flags:  -L/usr/local/lib -R/usr/local/lib
         Libraries:  -lpam -ldl -lz -lsocket -lnsl -lcrypto

PAM is enabled. You may need to install a PAM control file for sshd, otherwise password authentication may fail. Example PAM control files can be found in the contrib/ subdirectory

Now execute:

# gmake
# gmake install

Try to configure SSH as follows:

# cd /usr/local/etc

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin

Port 22
Protocol 2,1 <------ Comment out ( Before it uses protocol 2 and then 1 )
#ListenAddress 0.0.0.0
HostKey /usr/local/etc/ssh_host_key
# HostKeys for protocol version 2
HostKey /usr/local/etc/ssh_host_rsa_key
HostKey /usr/local/etc/ssh_host_dsa_key


# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel INFO

LoginGraceTime 600
PermitRootLogin yes

# rhosts authentication should not be used
RhostsAuthentication yes
# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts no <-------- From YES to NO ( setting NO to use .rhosts files )
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
StrictModes yes
X11Forwarding yes <-------- from NO to YES ( setting YES to use encrypted X11 and automatic export of the DISPLAY variable ) .
.

In /etc/services add these entries:

# cd /etc

ssh             22/tcp
ssh             22/udp  # for secure FTP

AN> Hi all,

AN> second try to make it work: After I gave up using the precompiled
AN> OPENSSH3.4p1 version for AIX, I compiled the sources for OPENSSH3.5p1 on
AN> the AIX machines and used one for client-purposes, the other as a
AN> ssh-server. I want to have the same behaviour as I used the "r-" commands,
AN> without password. It still appears to me, as if openssh does not care about
AN> any .rhosts or .shosts files. Look what it says in the debuglog:
AN> # /opt/sbin/sshd -f /opt/etc/sshd_config -d -d
AN> debug1: sshd version OpenSSH_3.5p1
AN> debug1: private host key: #0 type 0 RSA1
AN> debug1: read PEM private key done: type RSA
AN> debug1: private host key: #1 type 1 RSA
AN> debug1: read PEM private key done: type DSA
AN> debug1: private host key: #2 type 2 DSA
AN> debug1: Bind to port 22 on 0.0.0.0.
AN> Server listening on 0.0.0.0 port 22.
AN> Generating 768 bit RSA key.
AN> RSA key generation complete.
AN> debug1: Server will not fork when running in debugging mode.
AN> Connection from 9.164.18.22 port 943
AN> debug1: Client protocol version 1.5; client software version OpenSSH_3.5p1
AN> debug1: match: OpenSSH_3.5p1 pat OpenSSH*
AN> debug1: Local version string SSH-1.99-OpenSSH_3.5p1
AN> debug1: permanently_set_uid: 7/204
AN> debug1: Sent 768 bit server key and 1024 bit host key.
AN> debug2: Network child is on pid 16256
AN> debug1: Encryption type: 3des
AN> debug1: cipher_init: set keylen (16 -> 32)
AN> debug1: cipher_init: set keylen (16 -> 32)
AN> debug1: Received session key; encryption turned on.
AN> debug2: monitor_read: 28 used once, disabling now
AN> debug2: monitor_read: 30 used once, disabling now
AN> debug1: Installing crc compensation attack detector.
AN> debug1: Attempting authentication for root.
AN> debug2: monitor_read: 6 used once, disabling now
AN> Failed none for root from 9.164.18.22 port 943
AN> debug2: auth_rhosts2: clientuser root hostname 9.164.18.22 ipaddr 9.164.18.22
AN> debug1: temporarily_use_uid: 0/0 (e=7/204)
AN> debug1: restore_uid: (unprivileged)
AN> Failed rhosts for root from 9.164.18.22 port 943 ruser root
AN> Connection closed by 9.164.18.22
AN> debug1: Calling cleanup 0x200013b0(0x0)

AN> My Client call was


AN> /opt/bin/ssh <hostname> -o RhostsAuthentication=yes -o Protocol=1 -o UsePrivilegedPort=yes

AN> Is there anyone out there in the wide world, who made this work under any
AN> OS?

AN> Alf Nicolaysen


  

 Massimiliano Gregis
 Sun Microsystems Senior Consultant

 Phone.: 035.697534
 Mobile: 347.1167790
 Fax...: 035.697590
 E.mail: - mgregis@sorint.it - massimiliano@sorint.it - massimiliano.gregis@sorint.it

 Sorint http://www.sorint.it


Received on Mon Mar 24 12:33:16 2003
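
An added example, not part of the original message or of OpenSSH: a small audit that reads sshd_config text and reports the trust-related settings the message above turns on (protocol 1, RhostsAuthentication, IgnoreRhosts no, PermitRootLogin yes). The function names and SAMPLE_CONFIG are assumptions made for illustration; the sample is constructed from the directives quoted in the message, and lines are assumed to be whitespace-separated "Keyword value" pairs.

```python
# Added example: SAMPLE_CONFIG is constructed from directives quoted in the message.
SAMPLE_CONFIG = """\
Port 22
Protocol 2,1
PermitRootLogin yes
RhostsAuthentication yes
IgnoreRhosts no
StrictModes yes
X11Forwarding yes
"""

# keyword (lower-case) -> (predicate on the value, finding text)
CHECKS = {
    "protocol": (lambda v: "1" in v.replace(" ", "").split(","),
                 "SSH protocol 1 is offered"),
    "rhostsauthentication": (lambda v: v.lower() == "yes",
                 "rhosts trust is accepted without verifying a client host key"),
    "ignorerhosts": (lambda v: v.lower() == "no",
                 "per-user ~/.rhosts and ~/.shosts files are honoured"),
    "permitrootlogin": (lambda v: v.lower() == "yes",
                 "root may log in directly"),
}

def parse_sshd_config(text):
    """Return {keyword: value}; sshd uses the first value given for a keyword."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()           # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(keyword, value)  # keep the first occurrence only
    return settings

def audit(text):
    """Return sorted (keyword, value, finding) tuples for explicitly set risky values."""
    settings = parse_sshd_config(text)
    findings = []
    for keyword, (is_risky, why) in CHECKS.items():
        if keyword in settings and is_risky(settings[keyword]):
            findings.append((keyword, settings[keyword], why))
    return sorted(findings)

if __name__ == "__main__":
    for keyword, value, why in audit(SAMPLE_CONFIG):
        print(f"{keyword} {value}: {why}")
```

Only values written in the file are reported; a keyword that is absent falls back to the compiled-in default, which this check does not know.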

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:55 EDT

