Re: Cannot authenticate from RedHat 7.1

From: jms (jmshack@yahoo.com)
Date: 12/28/01


From: jmshack@yahoo.com (jms)
Date: 28 Dec 2001 13:53:26 -0800

Richard Silverman <res@des.jhy.us.ml.com> wrote in message news:<m1l7krscff3.fsf@sys1.des.jhy.us.ml.com>...
> >>>>> "JK" == Jacob Kjelstrup <jacob@iicnet.com> writes:
>
> JK> I think the issue is that I'm going through the AT&T Broadband
> JK> network and sshd is trying to do a reverse DNS lookup on the IP
> JK> address and not finding anything. Apparently this additional
> JK> check only takes place for protocol 1 and not for protocol 2. Is
> JK> this true or am I confused?
>
> Neither protocol requires DNS lookups; some implementations may be
> configured to. SSH2 can have RequireReverseMapping set -- however, it
> doesn't give the behavior you're seeing; you would just get "permission
> denied."
>
> JK> In any event, by forcing the protocol to 1 I was able to use both
> JK> password authentication and public key authentication.
>
> I would troubleshoot this further and get it fixed -- protocol 1 has known
> security weaknesses and is deprecated.

I have the same problem, RedHat 7.2, going to home intranet at @home
(now attbi) going through a NetGear router. I did look at the
/var/log/messages output on the sshd NAT redirect, and see that INDEED
I get an authentication failure, specifically:

log: Could not reverse map address [some.ip.address.atattbi]

And, yes, giving the -1 option to ssh "fixes" the problem as well.
I'm going to try and set the RequireReverseMapping in sshd2.config to
"no" and see if that does indeed fix the problem.