ssh help

From: Maccy (maccy@maccomms.co.uk)
Date: 05/27/02


Date: Mon, 27 May 2002 12:36:23 +0000 (GMT)
From: Maccy <maccy@maccomms.co.uk>
To: focus-sun@securityfocus.com


Hi folks,

I recently upgraded our version of openssh to :-

OpenSSH_3.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f

However I now cannot get host based authentication to work as it did
before....can anyone suggest what I might look at to get it
working? Here's my sshd_config. Any suggestions VERY gratefully received!

# $OpenBSD: sshd_config,v 1.48 2002/02/19 02:50:59 deraadt Exp $

# This is the sshd server system-wide configuration file. See sshd(8)
# for more information.

# This sshd was compiled with
PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

Port 22
Protocol 1
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
# HostKey for protocol version 1
HostKey /etc/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh_host_rsa_key
HostKey /etc/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
SyslogFacility AUTH
LogLevel INFO

# Authentication:

LoginGraceTime 600
PermitRootLogin no
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

# rhosts authentication should not be used
RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts no
# For this to work you will also need host keys in
/usr/local/etc/ssh_known_host
s
RhostsRSAAuthentication yes
# similar for protocol version 2
HostbasedAuthentication yes
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
IgnoreUserKnownHosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no

# Change to no to disable s/key passwords
ChallengeResponseAuthentication no

# Kerberos options
# KerberosAuthentication automatically enabled if keyfile exists
#KerberosAuthentication yes
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# AFSTokenPassing automatically enabled if k_hasafs() is true
#AFSTokenPassing yes

# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no

# Set this to 'yes' to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of
'PasswordAuthentication'
#PAMAuthenticationViaKbdInt yes

X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
PrintMotd yes
PrintLastLog yes
KeepAlive yes
#UseLogin no

#MaxStartups 10
# no default banner path
#Banner /some/path
#VerifyReverseMapping no

# override default of no subsystems
Subsystem sftp /usr/local/libexec/sftp-server

Regards

Maccy



Relevant Pages

  • SSH Close to working, but need help!
    ... connecting to host with "public authentication failed for user xxx" ... Protocol 2,1 ... # To disable tunneled clear text passwords, ... # Kerberos TGT Passing only works with the AFS kaserver ...
    (comp.security.ssh)
  • ssh problems
    ... # HostKeys for protocol version 2 ... # Use PAM authentication via keyboard-interactive so PAM modules can ... # To enable empty passwords, ... # Kerberos TGT Passing does only work with the AFS kaserver ...
    (Debian-User)
  • Re: secure server policy
    ... Authentication data to DC is already protected using Kerberos protocol (by ... >> Be very careful with ipsec policies. ...
    (microsoft.public.win2000.security)
  • Re: Design for ASP.Net w/ ComponentServices
    ... the AD inccooporeted the KDC Kerberos Distribution Center - port 88) ... If you prefer to use the more secure Digest authentication ... protocol to authenticate your users to the Web server, ... The Digest authentication protocol (which Microsoft Internet ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Kerberos machine authentication - apparent authentication fail
    ... until a user logon event. ... the Netdiag utility will show the Kerberos error in this scenario ... On these machines I ... me a plausible starting point to solve my Kerberos authentication problem. ...
    (microsoft.public.windows.server.security)