Re: hostbased auth between commercial and OpenSSH

From: Erin Michaud (erin.michaud@tufts.edu)
Date: 12/20/02


From: Erin Michaud <erin.michaud@tufts.edu>
Date: Fri, 20 Dec 2002 13:35:10 GMT

Sorry, not a very information-filled orig. question - I was feeling a
little brain dead!
The server just rejects hostbased from OpenSSH client saying method is
disabled, I feel I'm really close and just missing something simple,
but I can't figure out what:

Client side (OpenSSH) debug snippet (I've got hostbased as only
preferred method in user's .ssh/config file):
debug1: authentications that can continue: hostbased,publickey,password
debug3: start over, passed a different list hostbased,publickey,password
debug3: preferred hostbased
debug3: authmethod_lookup hostbased
debug3: remaining preferred:
debug3: authmethod_is_enabled hostbased
debug1: next auth method to try is hostbased
debug2: userauth_hostbased: chost myclienthost
debug2: we sent a hostbased packet, wait for reply
Received disconnect from myserverhost: 12: Authentication method disabled.
debug1: Calling cleanup 0x20002ef0(0x0)

Server side (commercial SSH) debug snippet:
debug: Becoming server.
debug: Creating listener
debug: Listener created
debug: Running event loop
debug: ssh_server_wrap: creating transport protocol
debug: ssh_server_wrap: creating userauth protocol
debug: new_connection_callback returning
debug: Remote version: SSH-2.0-OpenSSH_3.4p1

debug: ssh_sigchld_real_callback
debug: ssh_sigchld_process_pid: no handler for pid 152072 code 0
debug: Exiting event loop

Serverside syslog output:
Dec 20 08:06:35 myserverhost sshd2[30332]: hostbased-authentication (rhosts) refused: client user 'myusername', server user 'myusername', client host 'myclienthost'.
Dec 20 08:06:35 myserverhost sshd2[30332]: Remote host disconnected: Authentication method disabled. (user 'myusername', client address 'myclienthost:33406', requested service 'ssh-connection')
Dec 20 08:06:35 myserverhost sshd2[30332]: User authentication failed: 'Authentication method disabled. (user 'myusername', client address 'myclienthost:33406', requested service 'ssh-connection')'

Server sshd2_config file:
        Port 22
        ListenAddress 0.0.0.0
        Ciphers AnyStd
        IdentityFile identification
        AuthorizationFile authorization
        HostKeyFile hostkey
        PublicHostKeyFile hostkey.pub
        RandomSeedFile random_seed
        ForwardAgent yes
        ForwardX11 yes
        PasswordGuesses 3
        MaxConnections 50
        PermitRootLogin no
        AllowedAuthentications hostbased,publickey,password
        ForcePTTYAllocation no
        VerboseMode no
        PrintMotd yes
        CheckMail yes
        UserConfigDirectory "%D/.ssh2"
        SyslogFacility DAEMON
        Ssh1Compatibility yes
        Sshd1Path /usr/local/ssh2/sshd1
        AllowSHosts myclienthost
        RequireReverseMapping yes (note: tried setting this to no as well, same result)
        UserKnownHosts yes
        subsystem-sftp /usr/local/ssh2/sftp-server

Server side user files:
~/.shosts perms are 600 contents= myclienthost myusername
~/.ssh2/authorization perms are 600 contents=Key myclienthost.id_dsa.pub
and myclienthost.id_dsa.pub (this is the user-generated pub. key from
myclienthost, not host key) is in this directory and myclienthost's
host key has been accepted as a known host.

I think I just need a pair of good eyes to see whatever silly thing I'm
missing that is keeping this from working.....

Erin

"Richard E. Silverman" wrote:
>
> >>>>> "EM" == Erin Michaud <erin.michaud@tufts.edu> writes:
>
> EM> Has anyone been able to get hostbased auth working between a
> EM> commercial-version ssh server and an OpenSSH client using .shosts?
>
> Yes; what's the problem?
>
> --
> Richard Silverman
> slade@shore.net
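
An added example, not part of the original post: a small Python parser that re-joins mail-wrapped sshd2 syslog records like the ones above and groups them by sshd2 PID, so the server-side refusal sits next to the reason the client was given. The regular expressions are assumptions derived only from the three records shown in this post, not from a documented sshd2 log format.

```python
import re

# Constructed sample: the three syslog records from the post, with the mail
# client's hard line wraps left in (including the "(u" / "ser" split).
SAMPLE = """\
Dec 20 08:06:35 myserverhost sshd2[30332]: hostbased-authentication
(rhosts) refused: client user 'myusername', server user 'myusername',
client host 'myclienthost'.
Dec 20 08:06:35 myserverhost sshd2[30332]: Remote host disconnected:
Authentication method disabled. (u
ser 'myusername', client address 'myclienthost:33406', requested service
'ssh-connection')
Dec 20 08:06:35 myserverhost sshd2[30332]: User authentication failed:
'Authentication method disabled.
 (user 'myusername', client address 'myclienthost:33406', requested
service 'ssh-connection')'
"""

# Assumed record shapes, taken from the sample only.
HEADER = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d (\S+) sshd2\[(\d+)\]: (.*)$")
REFUSED = re.compile(r"(\S+)-authentication \((\w+)\) refused: client user '([^']*)', "
                     r"server user '([^']*)', client host '([^']*)'")
DISCONNECT = re.compile(r"Remote host disconnected: (.*?)\.? \(.*?client address '([^']*)'")

def records(text):
    """A line without a syslog header is a wrapped continuation of the previous record."""
    out = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            out.append([m.group(1), int(m.group(2)), m.group(3)])
        elif out and line.strip():
            out[-1][2] += " " + line.strip()
    return out

def summarize(text):
    """One dict per sshd2 PID: what was refused, for whom, and what the peer was told."""
    by_pid = {}
    for host, pid, msg in records(text):
        s = by_pid.setdefault(pid, {"server": host})
        if (m := REFUSED.search(msg)):
            s.update(method=m.group(1), via=m.group(2), client_user=m.group(3),
                     server_user=m.group(4), client_host=m.group(5))
        elif (m := DISCONNECT.search(msg)):
            s.update(reason=m.group(1), client_address=m.group(2))
    return by_pid

if __name__ == "__main__":
    for pid, info in summarize(SAMPLE).items():
        print(pid, info)
```
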


