I just figured it out myself.  Root must have a ~/.shosts and "IgnoreRhosts no".  I 
was even able to get it working with protocol 2.



> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ed
> Henderson
> Sent: Friday, May 18, 2001 11:58 AM
> To: [EMAIL PROTECTED]
> Subject: Trouble with root login and hostbased authentication
> 
> 
> I have successfully gotten ssh to work with non-root users in 
> "BatchMode yes" but can't get root to work at all (in 
> Protocol 1 only.  2 doesn't work well).  I compiled sshd with 
> libwrap support.  I have created /etc/ssh/shosts.equiv.  Here 
> are some settings from sshd_config:
> Protocol 1
> PermitRootLogin yes
> IgnoreRhosts yes
> IgnoreUserKnownHosts yes
> RhostsAuthentication no
> RhostsRSAAuthentication yes
> HostbasedAuthentication yes
> RSAAuthentication yes
> 
> Also some snips from ssh_config (gen is the hostname of the 
> sshd server):
> Host gen
>    BatchMode yes
>    RhostsAuthentication no
>    RhostsRSAAuthentication yes
>    HostbasedAuthentication yes
> 
> Output from sshd -d:
> gen:/etc/ssh> /usr/local/sbin/sshd -d
> debug1: Seeded RNG with 33 bytes from programs
> debug1: Seeded RNG with 3 bytes from system calls
> debug1: sshd version OpenSSH_2.9p1
> debug1: private host key: #0 type 0 RSA1
> debug1: read PEM private key done: type RSA
> debug1: private host key: #1 type 1 RSA
> debug1: read PEM private key done: type DSA
> debug1: private host key: #2 type 2 DSA
> debug1: Bind to port 22 on ::.
> Server listening on :: port 22.
> debug1: Bind to port 22 on 0.0.0.0.
> Server listening on 0.0.0.0 port 22.
> Generating 768 bit RSA key.
> RSA key generation complete.
> debug1: Server will not fork when running in debugging mode.
> Connection from 192.168.100.101 port 32910
> debug1: Client protocol version 1.5; client software version 
> OpenSSH_2.9p1
> debug1: match: OpenSSH_2.9p1 pat ^OpenSSH
> debug1: Local version string SSH-1.5-OpenSSH_2.9p1
> debug1: Rhosts Authentication disabled, originating port not trusted.
> debug1: Sent 768 bit server key and 1024 bit host key.
> debug1: Encryption type: 3des
> debug1: Received session key; encryption turned on.
> debug1: Installing crc compensation attack detector.
> debug1: Attempting authentication for root.
> debug1: Trying rhosts with RSA host authentication for client 
> user root
> debug1: temporarily_use_uid: 0/1 (e=0)
> debug1: restore_uid
> debug1: temporarily_use_uid: 0/1 (e=0)
> debug1: restore_uid
> Failed rhosts-rsa for ROOT from 192.168.100.101 port 32910 ruser root
> Connection closed by 192.168.100.101
> debug1: Calling cleanup 0x80835dc(0x0)
> debug1: Calling cleanup 0x8088940(0x0)
> debug1: writing PRNG seed to file /root/.ssh/prng_seed
> 
> Output from ssh -v:
> ssh -v gen "cat /etc/passwd"
> OpenSSH_2.9p1, SSH protocols 1.5/2.0, OpenSSL 0x0090601f
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for gen
> debug1: Applying options for *
> debug1: Seeded RNG with 33 bytes from programs
> debug1: Seeded RNG with 3 bytes from system calls
> debug1: Rhosts Authentication disabled, originating port will 
> not be trusted.
> debug1: restore_uid
> debug1: ssh_connect: getuid 0 geteuid 0 anon 1
> debug1: Connecting to gen [192.168.100.100] port 22.
> debug1: temporarily_use_uid: 0/1 (e=0)
> debug1: restore_uid
> debug1: temporarily_use_uid: 0/1 (e=0)
> debug1: restore_uid
> debug1: Connection established.
> debug1: read PEM private key done: type DSA
> debug1: read PEM private key done: type RSA
> debug1: identity file /root/.ssh/identity type -1
> debug1: identity file /root/.ssh/id_rsa type -1
> debug1: identity file /root/.ssh/id_dsa type -1
> debug1: Remote protocol version 1.5, remote software version 
> OpenSSH_2.9p1
> debug1: match: OpenSSH_2.9p1 pat ^OpenSSH
> debug1: Local version string SSH-1.5-OpenSSH_2.9p1
> debug1: Waiting for server public key.
> debug1: Received server public key (768 bits) and host key 
> (1024 bits).
> debug1: Host 'gen' is known and matches the RSA1 host key.
> debug1: Found key in /root/.ssh/known_hosts:1
> debug1: Encryption type: 3des
> debug1: Sent encrypted session key.
> debug1: Installing crc compensation attack detector.
> debug1: Received encrypted confirmation.
> debug1: Trying rhosts or /etc/hosts.equiv with RSA host 
> authentication.
> debug1: Server refused our rhosts authentication or host key.
> Permission denied.
> debug1: Calling cleanup 0x807f7a0(0x0)
> debug1: Calling cleanup 0x8084b04(0x0)
> debug1: writing PRNG seed to file /root/.ssh/prng_seed
> 
> 
> Thanks for any help,
> Ed.
> 
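Added example, not part of the original thread or of OpenSSH: a small audit check for the situation described above, where sshd does not consult hosts.equiv or shosts.equiv for root, so host-based root login depends on `IgnoreRhosts no` plus a per-user file in root's home. The function names, the assumed defaults for absent options, and the constructed sample configs are illustrative assumptions.

```python
# Added example (not from the thread); models only the yes/no values on the page.
HOST_TRUST_OPTS = ("hostbasedauthentication", "rhostsrsaauthentication")
# Assumed values for options that are absent from the file.
DEFAULTS = {"ignorerhosts": "yes", "permitrootlogin": "yes",
            "hostbasedauthentication": "no", "rhostsrsaauthentication": "no"}

def parse_sshd_config(text):
    """Return {keyword: value}; keywords are case-insensitive, first one wins."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            cfg.setdefault(parts[0].lower(), parts[1].strip().strip('"').lower())
    return cfg

def root_host_trust(config_text, root_home_files):
    """Return (reachable, reason). root_home_files: names found in root's home."""
    cfg = {**DEFAULTS, **parse_sshd_config(config_text)}
    if not any(cfg[o] == "yes" for o in HOST_TRUST_OPTS):
        return False, "host-based methods are disabled"
    if cfg["permitrootlogin"] == "no":
        return False, "PermitRootLogin no"
    # hosts.equiv and shosts.equiv are skipped for uid 0, so only the per-user
    # files in root's home can grant trust, and IgnoreRhosts yes disables those.
    if cfg["ignorerhosts"] == "yes":
        return False, "IgnoreRhosts yes: root's ~/.shosts and ~/.rhosts are ignored"
    present = sorted(f for f in (".rhosts", ".shosts") if f in root_home_files)
    if not present:
        return False, "root has no ~/.shosts or ~/.rhosts"
    return True, "root is trusted via ~/" + ", ~/".join(present)

# Constructed inputs: the settings quoted in the original message, then the
# same settings with the change described in the reply.
QUOTED = """Protocol 1
PermitRootLogin yes
IgnoreRhosts yes
IgnoreUserKnownHosts yes
RhostsAuthentication no
RhostsRSAAuthentication yes
HostbasedAuthentication yes
RSAAuthentication yes
"""
FIXED = QUOTED.replace("IgnoreRhosts yes", "IgnoreRhosts no")

if __name__ == "__main__":
    for name, text in (("quoted", QUOTED), ("fixed", FIXED)):
        print(name, root_host_trust(text, {".shosts"}))
```

A `True` result on a production host is the finding to review: root is reachable from any host listed in that file without a password or user key.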
