Re: OpenSSH hostbased auth: known_hosts format

From: Nico Kadel-Garcia (nkadel@bellatlantic.net)
Date: 02/27/02


From: "Nico Kadel-Garcia" <nkadel@bellatlantic.net>
Date: Wed, 27 Feb 2002 18:00:22 GMT


"Philip Le Riche" <gr75@bcs.org.uk> wrote in message
news:Pine.GSU.4.03.10202271723001.27502-100000@angel2.cityscape.co.uk...
> I'm trying to get hostbased authentication to work using OpenSSH 3.0.2.1,
> downloaded prebuilt for AIX (with oldlibc) from the Bull Freeware site.
> I'm using protocol 2. It won't play ball.
>
> I've appended /etc/openssh/ssh_host_dsa_key.pub on each machine to
> /etc/ssh_known_hosts on the other.
>
> I've enabled HostbasedAuthentication in ssh_config and sshd_config.

Did you list the /etc/openssh/ssh_host_dsa_key and
/etc/openssh/ssh_host_rsa_key as being valid keys in
/etc/openssh/sshd_config on each of the servers? Do you see errors about
this when starting your sshd?

If you upgraded your SSH from a considerably older version, I've noticed
that a bunch of the installation procedures do *not* correctly update the
sshd_config file.

> I've added IgnoreRhosts = no on the server.
>
> I've tried UsePrivilegedPort in ssh_config.
>
> I've torn out one or two handfuls of hair.
>
> I even read the man page. And in SSHD(8) under SSH_KNOWN_HOSTS FILE FORMAT
> it says that each line starts with hostnames, bits, exponent. But DSA keys
> don't seem to have bits or exponent.
>
> Is the man page wrong, or do I still need to sacrifice a couple more
> virgins in front of it?
>
> - Philip
>
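
An added example, not part of the original thread: a small Python checker for the two known_hosts line layouts the question runs into, the protocol 1 RSA form from the man page (hostnames, bits, exponent, modulus) and the protocol 2 form (hostnames, key type, base64 key blob). The function name, sample hosts and dummy key blob are constructed for illustration; it also flags a `.pub` line that was appended without a hostname field in front.

```python
import base64
import struct

def _ssh_string(b):
    """Length-prefixed string as used inside an SSH public key blob."""
    return struct.pack(">I", len(b)) + b

# Constructed blob: well-formed framing, dummy key material (not a real key).
DUMMY_DSS = base64.b64encode(_ssh_string(b"ssh-dss") + _ssh_string(b"\x01" * 8)).decode()

# Constructed sample lines, not taken from the thread.
SAMPLE = [
    "hosta.example.com,192.0.2.10 1024 35 1234567890123456789 root@hosta",
    "hostb.example.com ssh-dss " + DUMMY_DSS,
    "ssh-dss " + DUMMY_DSS + " root@hostb",        # raw .pub line, no host field
    "hostc.example.com ssh-rsa " + DUMMY_DSS,      # declared type != blob type
]

def classify(line):
    """Return (kind, detail) for one known_hosts line; None for blank/comment."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return None
    if fields[0] in ("ssh-dss", "ssh-rsa"):
        return ("invalid", "starts with a key type: hostname field is missing")
    if len(fields) < 3:
        return ("invalid", "too few fields")
    # Protocol 1 RSA: hostnames bits exponent modulus [comment]
    if len(fields) >= 4 and all(f.isdigit() for f in fields[1:4]):
        return ("protocol1-rsa", fields[1] + " bits")
    # Protocol 2: hostnames keytype base64-blob [comment]
    keytype, b64 = fields[1], fields[2]
    try:
        blob = base64.b64decode(b64, validate=True)
        (n,) = struct.unpack(">I", blob[:4])
        embedded = blob[4:4 + n].decode("ascii")
    except (ValueError, struct.error):
        return ("invalid", "key field is not a base64 SSH key blob")
    if embedded != keytype:
        return ("invalid", "declared %s but blob holds %s" % (keytype, embedded))
    return ("protocol2", keytype)

if __name__ == "__main__":
    for entry in SAMPLE:
        print(classify(entry), "<-", entry[:40])
```

Run it over /etc/ssh_known_hosts on both machines; any line reported as invalid will not match the peer's host key.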