Re: hostbased authentication

Stephanie Thomas Mon, 27 Aug 2001 04:00:07 -0700
Hi Michael,

In all likelihood, this is a DNS issue:

See this part in your debug:

debug: client supports 1 auth methods: 'hostbased'
debug: Ssh2Common/sshcommon.c:496: local ip = 134.76.237.10, local port = 65227
debug: Ssh2Common/sshcommon.c:498: remote ip = 134.76.237.10, remote port = 22
 >>> debug: Ssh2Common/sshcommon.c:369: remote hostname is "134.76.237.10".
debug: SshConnection/sshconn.c:1889: Wrapping...

The line marked with >>> tells tells us that the remote hostname is
being reported as 134.76.234.10 instead of xxx.mpae.gwdg.de.ssh-dss.pub

You will either need to resolve the DNS issue, or edit your /etc/hosts
file to ensure that the FQDN is listed first, i.e.:

134.76.237.10 
xxx.mpae.gwdg.de    xxx

Then make sure your /etc/resolv.conf lists files before dns.

Restart the sshd2 daemon, then try again.

Let us know if this resolves the problem.

Best Regards,

Steph

-- 
*********************************
Stephanie Thomas
Technical Support Specialist
SSH Secure Shell
GIAC Certified
Unix Security Administrator
SSH Communications Security Inc.
http://www.ssh.com/support/ssh
*********************************

Michael Bruns wrote:

> Hello,
> 
> i have problems to activate hostbased authentication for
> the ssh version 3.0.1 compiled from source on Solaris 2.6.
> I have read all the FAQ's about setting up hostbased
> authentication and so the ssh2_config and sshd2_config
> contains the hostbased option for the AllowedAuthentications
> keyword. There is also the right DefaultDomain configured
> and there is also a correct /etc/shosts.equiv.
> 
> The server offers auth methods 'hostbased,publickey,password'
> but the client debug states:
> 
> debug: Ssh2AuthClient/sshauthc.c:316: Method 'hostbased' disabled.
> 
> Any hints are welcome.
> Greetings,
> M.Bruns
> 
> PS: I don't see that the ssh server/client accesses the pub keys in the
>     /etc/ssh2/knownhosts directory (e.g. xxx.mpae.gwdg.de.ssh-dss.pub)
>     it uses the ones i saved in the /etc/ssh2/hostkeys directory (e.g.
>     key_22_xxx.pub).
>     
> --
> 
> Michael Bruns
> Max-Planck-Institut fuer Aeronomie
> Max-Planck-Strasse 2
> 37191 Katlenburg-Lindau (Germany)
> 
> 
> 
> ------------------------------------------------------------------------
> 
> debug: SshAppCommon/sshappcommon.c:154: Allocating global SshRegex context.
> debug: SshConfig/sshconfig.c:2268: Configuration file version 1.1.
> debug: SshConfig/sshconfig.c:2291: Metaconfig specifies regex style 'EGREP'.
> debug: SshConfig/sshconfig.c:2357: Found heading '.*:'.
> debug: SshConfig/sshconfig.c:2184: Unable to open /home/xxx/.ssh2/ssh2_config
> debug: Ssh2/ssh2.c:1396: remote host = "consun2"
> debug: Connecting to consun2, port 22...
> debug: Ssh2Client/sshclient.c:1330: Creating transport protocol.
> debug: Ssh2Transport/trcommon.c:2335: Allocating cipher: name: none, key_len: 16.
> debug: Ssh2Transport/trcommon.c:2335: Allocating cipher: name: none, key_len: 16.
> debug: SshAuthMethodClient/sshauthmethodc.c:137: Added "hostbased" to usable methods.
> debug: Ssh2Client/sshclient.c:1362: Creating userauth protocol.
> debug: client supports 1 auth methods: 'hostbased'
> debug: Ssh2Common/sshcommon.c:496: local ip = 134.76.237.10, local port = 65227
> debug: Ssh2Common/sshcommon.c:498: remote ip = 134.76.237.10, remote port = 22
> debug: Ssh2Common/sshcommon.c:369: remote hostname is "134.76.237.10".
> debug: SshConnection/sshconn.c:1889: Wrapping...
> debug: Ssh2/ssh2.c:1956: Entering event loop.
> debug: Remote version: SSH-1.99-3.0.1 SSH Secure Shell (non-commercial)
> debug: Major: 3 Minor: 0 Revision: 1
> debug: SshProtoTrKex/trkex.c:457: Making first key exchange packet.
> debug: Ssh2Transport/trcommon.c:1528: Computing algorithms from key exchange.
> debug: Ssh2Transport/trcommon.c:1717: lang s to c: `', lang c to s: `'
> debug: Ssh2Transport/trcommon.c:1783: c_to_s: cipher aes128-cbc, mac hmac-sha1, 
>compression none
> debug: Ssh2Transport/trcommon.c:1786: s_to_c: cipher aes128-cbc, mac hmac-sha1, 
>compression none
> debug: SshProtoTrKex/trkex.c:457: Making first key exchange packet.
> debug: SshKeyFile/sshkeyfile.c:353: file /home/xxx/.ssh2/hostkeys/key_22_consun2.pub 
>does not exist.
> debug: Remote host key found from database.
> debug: Ssh2Transport/trcommon.c:2335: Allocating cipher: name: aes128-cbc, key_len: 
>16.
> debug: Ssh2Transport/trcommon.c:2335: Allocating cipher: name: aes128-cbc, key_len: 
>16.
> debug: Ssh2Common/sshcommon.c:291: Received SSH_CROSS_STARTUP packet from connection 
>protocol.
> debug: Ssh2Common/sshcommon.c:341: Received SSH_CROSS_ALGORITHMS packet from 
>connection protocol.
> debug: server offers auth methods 'hostbased,publickey,password'.
> debug: SshConfig/sshconfig.c:2268: Configuration file version 1.1.
> debug: SshConfig/sshconfig.c:2291: Metaconfig specifies regex style 'EGREP'.
> debug: SshHostKeyIO/sshhostkeyio.c:220: Host key algorithms: ssh-dss
> debug: Ssh2AuthHostBasedClient/authc-hostbased.c:672: Child: Execing 
>ssh-signer...(path: /opt/this/bin/ssh-signer2)
> debug: Ssh2AuthHostBasedClient/authc-hostbased.c:116: Trying "hostbased" 
>authentication with `ssh-dss' key.
> debug: Ssh2AuthHostBasedClient/authc-hostbased.c:290: Sending packet...
> debug: Ssh2AuthHostBasedClient/authc-hostbased.c:390: ssh-signer returned 
>SSH_AUTH_HOSTBASED_SIGNATURE
> debug: server offers auth methods 'hostbased,publickey,password'.
> debug: Ssh2AuthClient/sshauthc.c:316: Method 'hostbased' disabled.
> debug: Ssh2AuthHostBasedClient/authc-hostbased.c:91: No more keys to try.
> debug: ssh_pipe_stream_destroy
> debug: ssh_sigchld_real_callback
> debug: ssh_sigchld_process_pid: no handler for pid 14451 code 0
> debug: server offers auth methods 'hostbased,publickey,password'.
> debug: Ssh2Common/sshcommon.c:137: DISCONNECT received: No further authentication 
>methods available.
> warning: Authentication failed.
> debug: Ssh2/ssh2.c:117: locally_generated = TRUE
> Disconnected; no more authentication methods available (No further authentication 
>methods available.).
> debug: Ssh2Client/sshclient.c:1395: Destroying client.
> debug: SshConnection/sshconn.c:1937: Destroying SshConn object.
> debug: Ssh2Transport/trcommon.c:532: Destroying SshTransportCommon object.
> debug: SshAuthMethodClient/sshauthmethodc.c:155: Calling notification callback.
> debug: Ssh2Client/sshclient.c:1448: Destroying client completed.
> debug: SshAuthMethodClient/sshauthmethodc.c:162: Destroying authentication method 
>array.
> debug: SshEventLoop/sshunixeloop.c:769: Reissuing signal for which callback was not 
>yet delivered.
> 
> 
> ------------------------------------------------------------------------
> 
> debug: SshAppCommon/sshappcommon.c:154: Allocating global SshRegex context.
> debug: SshConfig/sshconfig.c:2268: Configuration file version 1.1.
> debug: SshConfig/sshconfig.c:2291: Metaconfig specifies regex style 'EGREP'.
> sshd2: SSH Secure Shell 3.0.1 (non-commercial version) on sparc-sun-solaris2.6
> debug: SshHostKeyIO/sshhostkeyio.c:220: Host key algorithms: ssh-dss
> debug: Becoming server.
> debug: Creating listener
> debug: Listener created
> debug: no udp listener created.
> debug: Running event loop
> debug: Sshd2/sshd2.c:1062: new_connection_callback
> debug: Sshd2/sshd2.c:1214: Wrapping stream with ssh_server_wrap...
> debug: ssh_server_wrap: creating transport protocol
> debug: Ssh2Transport/trcommon.c:2335: Allocating cipher: name: none, key_len: 16.
> debug: Ssh2Transport/trcommon.c:2335: Allocating cipher: name: none, key_len: 16.
> debug: SshAuthMethodServer/sshauthmethods.c:118: Added "hostbased" to usable methods.
> debug: SshAuthMethodServer/sshauthmethods.c:118: Added "publickey" to usable methods.
> debug: SshAuthMethodServer/sshauthmethods.c:118: Added "password" to usable methods.
> debug: SshAuthMethodServer/sshauthmethods.c:133: Added "[EMAIL PROTECTED]" to usable 
>methods.
> debug: ssh_server_wrap: creating userauth protocol
> debug: Ssh2Common/sshcommon.c:496: local ip = 134.76.237.10, local port = 22
> debug: Ssh2Common/sshcommon.c:498: remote ip = 134.76.237.10, remote port = 65227
> debug: Ssh2Common/sshcommon.c:369: remote hostname is "consun2.mpae.gwdg.de".
> debug: SshConnection/sshconn.c:1889: Wrapping...
> debug: Sshd2/sshd2.c:1232: done.
> debug: new_connection_callback returning
> debug: Remote version: SSH-1.99-3.0.1 SSH Secure Shell (non-commercial)
> debug: Major: 3 Minor: 0 Revision: 1
> debug: Ssh2Transport/trcommon.c:1528: Computing algorithms from key exchange.
> debug: Ssh2Transport/trcommon.c:1717: lang s to c: `', lang c to s: `'
> debug: Ssh2Transport/trcommon.c:1783: c_to_s: cipher aes128-cbc, mac hmac-sha1, 
>compression none
> debug: Ssh2Transport/trcommon.c:1786: s_to_c: cipher aes128-cbc, mac hmac-sha1, 
>compression none
> debug: Ssh2Transport/trcommon.c:2335: Allocating cipher: name: aes128-cbc, key_len: 
>16.
> debug: Ssh2Transport/trcommon.c:2335: Allocating cipher: name: aes128-cbc, key_len: 
>16.
> debug: Sshd2/sshd2.c:593: user 'xxx' service 'ssh-connection' client_ip 
>'134.76.237.10' client_port '65227' completed ''
> debug: Sshd2/sshd2.c:901: output: hostbased,publickey,password
> debug: Ssh2AuthHostBasedRhosts/auths-hostbased-rhosts.c:370: 
>hostbased-authentication (rhosts) refused: client user 'xxx', server user 'xxx', 
>client host 'consun2.mpae.gwdg.de'.
> debug: ssh_sigchld_real_callback
> debug: Ssh2Transport/trcommon.c:991: Disconnecting: reason code: 14 message: 'No 
>further authentication methods available.'
> debug: Ssh2Common/sshcommon.c:137: DISCONNECT received: No further authentication 
>methods available.
> debug: Sshd2/sshd2.c:184: locally_generated = FALSE
> debug: SshServer/sshserver.c:187: Destroying server.
> debug: SshConnection/sshconn.c:1937: Destroying SshConn object.
> debug: SshAuthMethodServer/sshauthmethods.c:150: Calling notification callback.
> debug: SshServer/sshserver.c:209: Destroying server completed.
> debug: SshAuthMethodServer/sshauthmethods.c:157: Destroying authentication method 
>array.
> debug: Ssh2Transport/trcommon.c:532: Destroying SshTransportCommon object.
> debug: Exiting event loop
> debug: SshAppCommon/sshappcommon.c:168: Freeing global SshRegex context.
> 
> 
> ------------------------------------------------------------------------
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> ssh2-d3
> 
> Content-Description:
> 
> ssh2-d3
> Content-Type:
> 
> TEXT/plain
> Content-Encoding:
> 
> BASE64
> 
> 
> ------------------------------------------------------------------------
> sshd2-d3
> 
> Content-Description:
> 
> sshd2-d3
> Content-Type:
> 
> TEXT/plain
> Content-Encoding:
> 
> BASE64
> 
> 
> ------------------------------------------------------------------------
> Part 1.4
> 
> Content-Type:
> 
> text/plain
> 
> 




---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: hostbased authentication

Reply via email to
