Re: hostbased authentication
From: Richard E. Silverman (slade@shore.net)
Date: 12/21/01
From: slade@shore.net (Richard E. Silverman) Date: 21 Dec 2001 00:37:37 -0500
> it looks like it tries twice then gives up. (the telus.net address is the
> real reverse of the client trying to access the server)

It doesn't just try twice for the heck of it :) -- it tries once with each
client host key.

> Someone suggested it's the dns doing it

Well, it shouldn't be a DNS problem per se. You have
HostbasedUsesNameFromPacketOnly set, which means that the server simply
looks up a key using the name in the client's authentication request. You
just have to make sure you use the client's canonical hostname (according
to itself) in the known_hosts list on the server.

> and to change the host name in the known hosts, but using the rsa and
> dsa keys in the known hosts, there doesn't seem to be a place to change
> the hostname.

Huh? A known-hosts entry looks like this:

    foo.bar.org,foo,10.1.1.2 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAt...

The hostname and addresses (if any) come first; just change them. If
those are missing, that could be your problem.

If this doesn't clear it up, use server-side debugging ("sshd -d") to
troubleshoot further.

-- Richard Silverman slade@shore.net
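
Added example (not part of the original message, and not OpenSSH code): a Python check that takes the name a client sends in its hostbased request and reports which of the client's host key types have no entry under that name in the server's known_hosts, covering plain, wildcard, negated and hashed host fields. The function names, sample hostnames and key blobs are constructed placeholders.

```python
import base64, hashlib, hmac, re

def _glob(pattern):
    # known_hosts patterns use only '*' and '?' as wildcards
    body = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.compile(body)

def host_field_matches(field, name):
    """True if the first field of a known_hosts line covers `name`."""
    if field.startswith("|1|"):  # hashed: |1|base64(salt)|base64(HMAC-SHA1(salt, name))
        _, _, salt, digest = field.split("|")
        mac = hmac.new(base64.b64decode(salt), name.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(digest))
    matched = False
    for pattern in field.split(","):
        negated = pattern.startswith("!")
        if _glob(pattern[1:] if negated else pattern).fullmatch(name):
            if negated:
                return False  # a negated pattern that matches vetoes the whole line
            matched = True
    return matched

def key_types_for(known_hosts_text, name_in_request):
    """Key types the server could look up for the name the client sent."""
    name = name_in_request.rstrip(".")  # OpenSSH clients append a dot; sshd strips it
    found = set()
    for line in known_hosts_text.splitlines():
        parts = line.split()
        # skip blanks, comments, and @cert-authority / @revoked marker lines
        if len(parts) < 3 or parts[0][0] in "#@":
            continue
        if host_field_matches(parts[0], name):
            found.add(parts[1])
    return found

def missing_key_types(known_hosts_text, name_in_request, offered):
    """Offered client host key types with no entry under that name."""
    return set(offered) - key_types_for(known_hosts_text, name_in_request)

# Constructed sample: the RSA key is listed under the canonical name, the DSA
# key only under the short name. Key blobs are placeholders, not real keys.
SAMPLE = """\
# server-side known_hosts (constructed)
client.example.net,client,10.1.1.2 ssh-rsa AAAA-placeholder-rsa
client ssh-dss AAAA-placeholder-dsa
"""

if __name__ == "__main__":
    print(missing_key_types(SAMPLE, "client.example.net.", ["ssh-rsa", "ssh-dss"]))
```
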