OpenSSH 3.4p1 hostbased authentication not working

From: vf5@cad.gatech.edu (Vincent Fox)
Date: Fri, 28 Jun 2002 17:05:24 +0000 (UTC)

I am seeing the same issues as another recent post: hostbased
authentication in 3.4p1 does not seem to work. I tried the ssh-keysign.c
patch posted, but it didn't seem to fix the problem.

Details:
Solaris 7, OpenSSH 3.4p1, OpenSSL 0.9.6d
Key from client ssh_host_?sa_key.pub copied to server /etc/ssh/ssh_known_hosts2
with comma-separated client hostnames added to front and a blank space before
rest of key entry.

debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts2
debug3: check_host_in_hostfile: match line 1
debug2: check_key_in_hostfiles: key ok for bester.cad.gatech.edu
debug3: mm_answer_keyallowed: key 1323b0 is allowed
debug3: mm_append_debug: Appending debug messages for child
debug3: mm_request_send entering: type 21
debug3: mm_request_receive entering
debug3: mm_send_debug: Sending debug: Accepted for bester.cad.gatech.edu [130.207.84.20] by /etc/ssh/shosts.equiv.
debug3: mm_key_verify entering
debug3: mm_request_send entering: type 22
debug3: monitor_read: checking request 22
ssh_rsa_verify: RSA_verify failed: error:04077068:lib(4):func(119):reason(104)
debug1: ssh_rsa_verify: signature incorrect
debug3: mm_answer_keyverify: key 132398 signature unverified
debug3: mm_request_send entering: type 23
Failed hostbased for vf5 from 130.207.84.20 port 33083 ssh2
debug3: mm_request_receive entering
debug3: mm_key_verify: waiting for MONITOR_ANS_KEYVERIFY
debug3: mm_request_receive_expect entering: type 23
debug3: mm_request_receive entering
debug2: userauth_hostbased: authenticated 0
Failed hostbased for vf5 from 130.207.84.20 port 33083 ssh2
debug1: userauth-request for user vf5 service ssh-connection method keyboard-interactive
debug1: attempt 3 failures 3
debug2: input_userauth_request: try method keyboard-interactive

Still getting an error from ssh_rsa_verify. Additionally I note in the
debug output that despite trying to set in sshd_config the variable
AuthorizedKeysFile /etc/ssh/authorized_keys that ssh -d -d -d output
does not show it checking that file at all. I had to move it to
/etc/ssh/ssh_known_hosts2 to get even this far.

Anyone have any ideas?

--
	"Who needs horror movies when we have Microsoft"?
	 -- Christine Comaford, PC Week, 27/9/95
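
The debug output quoted in the post can be triaged mechanically. The following is an added example, not part of the original post and not OpenSSH code: it reports the first server-side hostbased stage that did not succeed and unpacks the OpenSSL error code. The stage names, the embedded sample (lines copied from the post), and the `signature verified` success wording are assumptions.

```python
import re

# Sample input: a subset of the sshd debug lines quoted in the post above.
SAMPLE_LOG = """\
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts2
debug3: check_host_in_hostfile: match line 1
debug2: check_key_in_hostfiles: key ok for bester.cad.gatech.edu
debug3: mm_answer_keyallowed: key 1323b0 is allowed
ssh_rsa_verify: RSA_verify failed: error:04077068:lib(4):func(119):reason(104)
debug1: ssh_rsa_verify: signature incorrect
debug3: mm_answer_keyverify: key 132398 signature unverified
Failed hostbased for vf5 from 130.207.84.20 port 33083 ssh2
"""

# Success markers for each stage, in the order they appear in the log.
# Stage names are illustrative; the "signature verified" wording is assumed
# from the "signature unverified" line shown in the post.
STAGES = [
    ("host_key_lookup", re.compile(r"check_key_in_hostfiles: key ok for \S+")),
    ("key_allowed", re.compile(r"mm_answer_keyallowed: key \S+ is allowed")),
    ("signature_verified", re.compile(r"mm_answer_keyverify: key \S+ signature verified")),
]
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):lib\(\d+\):func\(\d+\):reason\(\d+\)")
OUTCOME_RE = re.compile(r"^(Failed|Accepted) hostbased for (\S+) from (\S+)", re.M)


def decode_openssl_error(code_hex):
    """Unpack a pre-3.0 OpenSSL error code: 8-bit lib, 12-bit func, 12-bit reason."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


def triage(log_text):
    """Return which stages passed and the first stage with no success marker."""
    passed = [name for name, rx in STAGES if rx.search(log_text)]
    failed_at = next((name for name, _ in STAGES if name not in passed), None)
    err = ERR_RE.search(log_text)
    outcome = OUTCOME_RE.search(log_text)
    return {
        "passed": passed,
        "failed_at": failed_at,
        "openssl_error": decode_openssl_error(err.group(1)) if err else None,
        "outcome": outcome.groups() if outcome else None,
    }


if __name__ == "__main__":
    for field, value in triage(SAMPLE_LOG).items():
        print(f"{field}: {value}")
```

On the sample, the known-hosts lookup and the key-allowed check both pass, and the first stage without a success marker is signature verification.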


