Re: Host based authentication sort of works

From: Istvan Viczian (vici_at_dof.se)
Date: 06/04/03

  • Next message: Dexter Turner: "basic port forwarding help"
    Date: Wed, 04 Jun 2003 13:19:43 +0200
    To: Doug Curtis <doug.curtis@world-mail.org>
    
    

    Hi Doug,

    > machine, it still prompts for a password. The only time it works is if
    > the local and remote username are root. If either username is changed,
    > it still prompts for a password.

    I have made a further step in this problem, because I could
    login with HostBasedAuthentication, if the local and remote username
    is the same but not root.

    And I have set up the following files (under RedHat 7.3):
    /root/.shosts
    /etc/hosts.equiv ( the content is the same as /root/.shosts )
    /etc/ssh/ssh_known_hosts ( or /etc/ssh/ssh_known_hosts2 )

    I don't know why a different user id on the local and
    remote host does not work.
    I mean for example:
       [vici@local]# whoami
         vici
       [vici@local]# ssh beci@remote
         beci@remote's password:
       ....

    Maybe hostbased authentication should not allow using different
    user names in this way.

    But anyway I have tried to set up HostBasedAuthentication using OpenSSH
    on different OS-es with different OpenSSH versions and I wrote a HOWTO
    about it:
    http://www.omega.telia.net/vici/openssh/

    I hope at least it will help you.

    Regards,
    Istvan

    Doug Curtis wrote:
    > I am using Openssh3.4p1 on both the local and remote machines.
    >
    > I have set up a .shosts file in a user's homedir on the remote machine.
    > If I ssh as any normal user from the local machine to the remote
    > machine, it still prompts for a password. The only time it works is if
    > the local and remote username are root. If either username is changed,
    > it still prompts for a password. I do make changes to the shosts file
    > when trying different users.
    >
    > Also, this error message is in the syslog:
    >
    > error: ssh_rsa_verify: RSA_verify failed:
    > error:04077068:lib(4):func(119):reason(104)
    >
    > I tried searching for this error (or any part of it) in the archives but
    > couldn't find anything.
    >
    > I have included the important part (I think) of the results of ssh -vvv.
    > Host info and ip info has been replaced with ****
    >
    > debug3: preferred hostbased,password
    > debug3: authmethod_lookup hostbased
    > debug3: remaining preferred: password
    > debug3: authmethod_is_enabled hostbased
    > debug1: next auth method to try is hostbased
    > debug2: userauth_hostbased: chost ****
    > debug1: ssh_keysign called
    > debug3: msg_send: type 2
    > debug3: msg_recv entering
    > debug2: we sent a hostbased packet, wait for reply
    > debug1: Remote: Accepted by .shosts.
    > debug1: Remote: Accepted host **** ip **** client_user joebob
    > server_user doug
    > debug1: authentications that can continue:
    > publickey,password,keyboard-interactive,hostbased
    > debug2: userauth_hostbased: chost ****
    > debug1: ssh_keysign called
    > debug3: msg_send: type 2
    > debug3: msg_recv entering
    > debug2: we sent a hostbased packet, wait for reply
    > debug1: Remote: Accepted by .shosts.
    > debug1: Remote: Accepted host **** ip **** client_user joebob
    > server_user doug
    > debug1: authentications that can continue:
    > publickey,password,keyboard-interactive,hostbased
    > debug1: userauth_hostbased: no more client hostkeys
    > debug2: we did not send a packet, disable method
    > debug3: authmethod_lookup password
    > debug3: remaining preferred:
    > debug3: authmethod_is_enabled password
    > debug1: next auth method to try is password
    > doug@****'s password:
    >
    > If more info is needed, please let me know.
    >
    > Thanks,
    >
    > Doug
    >
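
An added triage example, not part of either post: it reads the client debug lines and the syslog error quoted above and reports at which stage each hostbased attempt was rejected. The sample input is constructed from the quoted lines (wrapped lines re-joined); the function names and stage labels are hypothetical.

```python
import re

# Constructed input: debug and syslog lines from the quoted post, wrapped lines re-joined.
SAMPLE = """\
debug2: we sent a hostbased packet, wait for reply
debug1: Remote: Accepted by .shosts.
debug1: Remote: Accepted host **** ip **** client_user joebob server_user doug
debug1: authentications that can continue: publickey,password,keyboard-interactive,hostbased
debug2: we sent a hostbased packet, wait for reply
debug1: Remote: Accepted by .shosts.
debug1: Remote: Accepted host **** ip **** client_user joebob server_user doug
debug1: authentications that can continue: publickey,password,keyboard-interactive,hostbased
error: ssh_rsa_verify: RSA_verify failed: error:04077068:lib(4):func(119):reason(104)
"""

USERS = re.compile(r"Remote: Accepted host .* client_user (\S+) server_user (\S+)")
ERRCODE = re.compile(r"error:([0-9A-Fa-f]{8}):lib\((\d+)\):func\((\d+)\):reason\((\d+)\)")

def decode_openssl_error(code_hex):
    """Unpack an 8-hex-digit error code: lib (8 bits), func (12), reason (12)."""
    v = int(code_hex, 16)
    return (v >> 24) & 0xFF, (v >> 12) & 0xFFF, v & 0xFFF

def triage(log):
    """Return (attempts, errors): one dict per hostbased attempt, plus decoded verify errors."""
    attempts, errors, cur = [], [], None
    for line in log.splitlines():
        if "we sent a hostbased packet" in line:
            cur = {"rhosts_accepted": False, "users": None, "stage": "no reply"}
            attempts.append(cur)
        elif cur is not None and "Remote: Accepted by" in line:
            cur["rhosts_accepted"] = True
        elif cur is not None and USERS.search(line):
            cur["users"] = USERS.search(line).groups()
        elif cur is not None and "authentications that can continue" in line:
            # Rejected. If the server had already accepted the .shosts or
            # hosts.equiv mapping, the failure lies after that check:
            # host key lookup or signature verification.
            cur["stage"] = "key/signature" if cur["rhosts_accepted"] else "rhosts mapping"
            cur = None
        m = ERRCODE.search(line)
        if m and "verify failed" in line:
            lib, func, reason = decode_openssl_error(m.group(1))
            printed = tuple(int(g) for g in m.groups()[1:])
            errors.append({"lib": lib, "func": func, "reason": reason,
                           "consistent": (lib, func, reason) == printed})
    return attempts, errors
```

On the quoted log both attempts come out as `key/signature`: the server accepted the joebob to doug mapping from .shosts and then rejected the attempt, which matches the `RSA_verify failed` line in syslog.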

