Hi,
I am trying to get "hostbased" authentication to work in ssh2.
I put "allowedauthentications hostbased" in the sshd2_config and also in
ssh2_config and removed the "requiredauthentications" keyword.  I edited
the /etc/shosts.equiv and added the line "nocdesk08".  I just so happen
to be trying to connect to my own box from my own box.  I use "ssh
nocdesk08" to try and connect.  I am using ssh2 version 3.0.1 with
Solaris 8 on sparc.
On the server logs I get the following message (which by the way is not
going to /var/adm/messages ;( )

Oct 18 11:11:50 nocdesk08 sshd2[3330]: Client gave us a hostname ('nocdesk08.noc.local.') which doesn't match the one we got from DNS ('nocdesk08.') (trusting that client is valid, if signature verification succeeds)
Oct 18 11:11:50 nocdesk08 sshd2[3330]: hostbased-authentication (rhosts) refused: client user 'dbaldwin', server user 'dbaldwin', client host 'nocdesk08.noc.local'.

I have the lines:

HostbasedAuthForceClientHostnameDNSMatch        no
RequireReverseMapping           no

in sshd2_config.

On the client the verbose output looks like this:

[dbaldwin@nocdesk08 .ssh2]$ ssh nocdesk08
debug: Connecting to nocdesk08, port 22...
debug: Ssh2Client/sshclient.c:1330/ssh_client_wrap: Creating transport protocol.
debug: SshAuthMethodClient/sshauthmethodc.c:137/ssh_client_authentication_initialize: Added "hostbased" to usable methods.
debug: Ssh2Client/sshclient.c:1362/ssh_client_wrap: Creating userauth protocol.
debug: client supports 1 auth methods: 'hostbased'
debug: Ssh2Common/sshcommon.c:496/ssh_common_wrap: local ip = ::ffff:c0a8:7c6c, local port = 33386
debug: Ssh2Common/sshcommon.c:498/ssh_common_wrap: remote ip = 192.168.124.108, remote port = 22
debug: SshConnection/sshconn.c:1889/ssh_conn_wrap: Wrapping...
debug: Ssh2/ssh2.c:1956/main: Entering event loop.
debug: Remote version: SSH-2.0-3.0.1 SSH Secure Shell (non-commercial)
debug: Major: 3 Minor: 0 Revision: 1
debug: Ssh2Transport/trcommon.c:1717/ssh_tr_negotiate: lang s to c: `', lang c to s: `'
debug: Ssh2Transport/trcommon.c:1783/ssh_tr_negotiate: c_to_s: cipher aes128-cbc, mac hmac-sha1, compression none
debug: Ssh2Transport/trcommon.c:1786/ssh_tr_negotiate: s_to_c: cipher aes128-cbc, mac hmac-sha1, compression none
debug: Remote host key found from database.
debug: Ssh2Common/sshcommon.c:291/ssh_common_special: Received SSH_CROSS_STARTUP packet from connection protocol.
debug: Ssh2Common/sshcommon.c:341/ssh_common_special: Received SSH_CROSS_ALGORITHMS packet from connection protocol.
debug: server offers auth methods 'hostbased'.
debug: SshHostKeyIO/sshhostkeyio.c:220/ssh_host_key_read_keys: Host key algorithms: ssh-dss
debug: Ssh2AuthHostBasedClient/authc-hostbased.c:672/ssh_client_auth_hostbased: Child: Execing ssh-signer...(path: /usr/local/bin/ssh-signer2)
debug: Ssh2AuthHostBasedClient/authc-hostbased.c:116/hostbased_init_pubkey: Trying "hostbased" authentication with `ssh-dss' key.
debug: Ssh2AuthHostBasedClient/authc-hostbased.c:390/auth_hostbased_received_packet: ssh-signer returned SSH_AUTH_HOSTBASED_SIGNATURE
debug: server offers auth methods 'hostbased'.
debug: Ssh2AuthClient/sshauthc.c:316/ssh_authc_completion_proc: Method 'hostbased' disabled.
debug: Ssh2AuthHostBasedClient/authc-hostbased.c:91/hostbased_init_pubkey: No more keys to try.
debug: ssh_pipe_stream_destroy
debug: server offers auth methods 'hostbased'.
debug: Ssh2Common/sshcommon.c:137/ssh_common_disconnect: DISCONNECT received: No further authentication methods available.
warning: Authentication failed.
debug: Ssh2/ssh2.c:117/client_disconnect: locally_generated = TRUE
Disconnected; no more authentication methods available (No further authentication methods available.).
debug: Ssh2Client/sshclient.c:1395/ssh_client_destroy: Destroying client.
debug: SshConnection/sshconn.c:1937/ssh_conn_destroy: Destroying SshConn object.
debug: Ssh2Client/sshclient.c:1448/ssh_client_destroy_finalize: Destroying client completed.
debug: SshAuthMethodClient/sshauthmethodc.c:162/ssh_client_authentication_uninitialize: Destroying authentication method array.
debug: SshEventLoop/sshunixeloop.c:769/ssh_unregister_signal: Reissuing signal for which callback was not yet delivered.
[dbaldwin@nocdesk08 .ssh2]$

Thanks in advance for any suggestions,
Dave Baldwin
RHCE, NOC System Engineer
Network Insight, LLC
www.networkinsight.com
Main: 858-450-1180 Ext. 8294
Direct: 858-362-8294
Mobile: 619-726-5485
Fax: 858-450-1141
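
An added example, not part of the original post: a small Python check that pulls the client host name out of the two sshd2 messages quoted above and tests whether that exact name appears in shosts.equiv content. The sample inputs are constructed from the post; comparing names literally (and ignoring `+`/`-` and netgroup entries) is an assumption of this sketch, not documented sshd2 behaviour.

```python
import re

# Constructed sample: the two sshd2 messages quoted in the post, unwrapped.
SAMPLE_LOG = """\
Oct 18 11:11:50 nocdesk08 sshd2[3330]: Client gave us a hostname ('nocdesk08.noc.local.') which doesn't match the one we got from DNS ('nocdesk08.') (trusting that client is valid, if signature verification succeeds)
Oct 18 11:11:50 nocdesk08 sshd2[3330]: hostbased-authentication (rhosts) refused: client user 'dbaldwin', server user 'dbaldwin', client host 'nocdesk08.noc.local'.
"""
SAMPLE_EQUIV = "nocdesk08\n"  # the /etc/shosts.equiv content described in the post

MISMATCH = re.compile(r"Client gave us a hostname \('([^']*)'\) which doesn't match "
                      r"the one we got from DNS \('([^']*)'\)")
REFUSED = re.compile(r"hostbased-authentication \(rhosts\) refused: client user '([^']*)', "
                     r"server user '([^']*)', client host '([^']*)'")

def norm(name):
    """Lower-case a host name and drop the trailing root dot."""
    return name.rstrip(".").lower()

def equiv_hosts(text):
    """Host names in shosts.equiv-style text (first field; '#' comments skipped)."""
    hosts = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            hosts.add(norm(line.split()[0]))
    return hosts

def diagnose(log_text, equiv_text):
    """Return one finding per refused hostbased attempt found in the log."""
    listed = equiv_hosts(equiv_text)
    dns_seen = {}  # client-supplied name -> name the server got from DNS
    findings = []
    for line in log_text.splitlines():
        m = MISMATCH.search(line)
        if m:
            dns_seen[norm(m.group(1))] = norm(m.group(2))
            continue
        m = REFUSED.search(line)
        if m:
            host = norm(m.group(3))
            findings.append({
                "client_user": m.group(1), "server_user": m.group(2),
                "client_host": host, "dns_name": dns_seen.get(host),
                "host_listed": host in listed,              # name sshd2 logged
                "dns_name_listed": dns_seen.get(host) in listed,
            })
    return findings

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG, SAMPLE_EQUIV):
        print(finding)
```

On the sample input, the name in the refusal message (`nocdesk08.noc.local`) is not the name listed in shosts.equiv (`nocdesk08`), while the short DNS name is.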

