Sorry if this message is long but I wanted to be sure and include as much information as may be needed.

I have several machines running ssh1 (ssh-1.2.27, ssh-1.2.30) and I upgraded them to ssh2 (ssh-2.2.0.tar.gz). They're all working as far as being able to connect to them and having both ssh1 and ssh2 functionality available. I'm attempting to get hostbased authentication working between them but have only gotten it to work between two machines.

I have read and re-read the FAQ and followed the steps outlined there (which is how I did get two of the machines to work). The hostkey.pub file was copied from the client machine to the target machine as:

/etc/ssh2/knownhosts/server1.foo.com.ssh-dss.pub

The pub files were also copied so the name only had the hostname (server1.ssh-dss.pub). The sshd2_config file was edited to include "hostbased" for AllowedAuthentications. The .shosts file was created, the connecting machine's hostname (just the hostname and fqdn) added, as were the usernames that would be connected. The DefaultDomain was added in ssh2_config on all machines and then sshd was restarted on all servers.

I also looked through some of the past messages and one of the suggestions was to add the line "DefaultDomain" into the ssh2_config file. Another suggestion was to add just the hostname into the .shosts file (I now have just the host name and the fully qualified hostname in that file).

Here is the output when I use the verbose ("-v" flag) mode in connecting between machines. The first one is a successful connection using hostbased authentication and the second two are ones which failed. I do notice the line in the example where the authentication didn't work:

debug: Unable to open /root/.ssh2/identification

I can't find the file called "identification" on any of these machines, either the ones that don't work or the ones where hostbased did work.

server2 to server1 (in this case, the hostbased authentication worked)

server2# ssh -v server1.foo.com
warning: Development-time debugging not compiled in.
warning: To enable, configure with --enable-debug and recompile.
debug: hostname is 'server1.foo.com'.
debug: Unable to open /root/.ssh2/ssh2_config
warning: Development-time debugging not compiled in.
warning: To enable, configure with --enable-debug and recompile.
debug: connecting to server1.foo.com...
debug: entering event loop
debug: ssh_client_wrap: creating transport protocol
debug: Ssh2Client/sshclient.c:1097/ssh_client_wrap: creating userauth protocol
debug: Remote version: SSH-1.99-2.2.0 SSH Secure Shell (non-commercial)
debug: Ssh2Client/sshclient.c:399/keycheck_key_match: Host key found from database.
debug: Ssh2AuthHostBasedClient/authc-hostbased.c:597/ssh_client_auth_hostbased: Child: Execing ssh-signer...(path: ssh-signer2)
debug: Ssh2AuthHostBasedClient/authc-hostbased.c:325/auth_hostbased_received_packet: ssh-signer returned SSH_AUTH_HOSTBASED_SIGNATURE
debug: ssh_pipe_stream_destroy
debug: ssh_sigchld_real_callback
debug: ssh_sigchld_process_pid: no handler for pid 82315 code 0
Authentication successful.
debug: DISPLAY not set; X11 forwarding disabled.
Last login: Mon Jul 31 2000 17:52:08 -0500 from server2.foo.com

SERVER1 to Target (in this case, the hostbased authentication failed)

server2# ssh -v target.foo.com
warning: Development-time debugging not compiled in.
warning: To enable, configure with --enable-debug and recompile.
debug: hostname is 'target.foo.com'.
debug: Unable to open /root/.ssh2/ssh2_config
warning: Development-time debugging not compiled in.
warning: To enable, configure with --enable-debug and recompile.
debug: connecting to target.foo.com...
debug: entering event loop
debug: ssh_client_wrap: creating transport protocol
debug: Ssh2Client/sshclient.c:1097/ssh_client_wrap: creating userauth protocol
debug: Remote version: SSH-1.99-2.2.0 SSH Secure Shell (non-commercial)
debug: Ssh2Client/sshclient.c:399/keycheck_key_match: Host key found from database.
debug: Ssh2AuthHostBasedClient/authc-hostbased.c:597/ssh_client_auth_hostbased: Child: Execing ssh-signer...(path: ssh-signer2)
debug: Ssh2AuthHostBasedClient/authc-hostbased.c:325/auth_hostbased_received_packet: ssh-signer returned SSH_AUTH_HOSTBASED_SIGNATURE
debug: ssh_pipe_stream_destroy
debug: ssh_sigchld_real_callback
debug: ssh_sigchld_process_pid: no handler for pid 82332 code 0
debug: Unable to open /root/.ssh2/identification
debug: Ssh2AuthClient/sshauthc.c:309/ssh_authc_completion_proc: Method 'publickey' disabled.
debug: Ssh2AuthPasswdClient/authc-passwd.c:82/ssh_client_auth_passwd: Starting password query...
root's password:
Authentication successful.
debug: DISPLAY not set; X11 forwarding disabled.
Last login: Mon Jul 31 2000 17:54:40 -0500

Any information would be appreciated.

Thanks,
Oscar
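
Added example (not part of Oscar's message and not code from the SSH distribution): a small Python reader for `ssh -v` client traces like the two above, reporting which methods were started, whether ssh-signer returned a signature, and which method actually let the user in. The function name `summarize` is hypothetical, and treating the last method started before "Authentication successful." as the one that succeeded is an assumption.

```python
import re

# Marker strings copied from the ssh -v transcripts in the post above.
STARTED = {
    "hostbased": "ssh_client_auth_hostbased: Child: Execing ssh-signer",
    "password": "ssh_client_auth_passwd: Starting password query",
}
SIGNED = "ssh-signer returned SSH_AUTH_HOSTBASED_SIGNATURE"
DISABLED = re.compile(r"Method '(\w+)' disabled\.")
SUCCESS = "Authentication successful."

def summarize(trace):
    """Report the auth methods an ssh2 -v client trace went through."""
    out = {"attempted": [], "signed": False, "disabled": [],
           "authenticated_by": None}
    for line in trace.splitlines():
        for name, marker in STARTED.items():
            if marker in line and name not in out["attempted"]:
                out["attempted"].append(name)
        if SIGNED in line:
            out["signed"] = True
        match = DISABLED.search(line)
        if match:
            out["disabled"].append(match.group(1))
        # Assumption: the method that succeeded is the last one started.
        if SUCCESS in line and out["attempted"]:
            out["authenticated_by"] = out["attempted"][-1]
    # True when hostbased was tried but another method let the user in.
    out["fell_back"] = ("hostbased" in out["attempted"] and
                        out["authenticated_by"] not in (None, "hostbased"))
    return out

# Auth-relevant lines excerpted from the two transcripts in the post.
WORKED = """\
debug: Ssh2AuthHostBasedClient/authc-hostbased.c:597/ssh_client_auth_hostbased: Child: Execing ssh-signer...(path: ssh-signer2)
debug: Ssh2AuthHostBasedClient/authc-hostbased.c:325/auth_hostbased_received_packet: ssh-signer returned SSH_AUTH_HOSTBASED_SIGNATURE
Authentication successful.
"""
FAILED = """\
debug: Ssh2AuthHostBasedClient/authc-hostbased.c:597/ssh_client_auth_hostbased: Child: Execing ssh-signer...(path: ssh-signer2)
debug: Ssh2AuthHostBasedClient/authc-hostbased.c:325/auth_hostbased_received_packet: ssh-signer returned SSH_AUTH_HOSTBASED_SIGNATURE
debug: Ssh2AuthClient/sshauthc.c:309/ssh_authc_completion_proc: Method 'publickey' disabled.
debug: Ssh2AuthPasswdClient/authc-passwd.c:82/ssh_client_auth_passwd: Starting password query...
Authentication successful.
"""

if __name__ == "__main__":
    for label, trace in (("server1", WORKED), ("target", FAILED)):
        print(label, summarize(trace))
```

For the target.foo.com trace this reports `signed: True` together with `fell_back: True`: the client log shows ssh-signer returning a signature and no signer error before the password prompt appears.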
