OpenSSH 3.8p1, Solaris 9, hostbased auth problem
From: Andy C. (chaplina_at_hotmail.com)
Date: 04/29/04
Date: 29 Apr 2004 14:31:12 -0700
Client and Server: Solaris 9, OpenSSH 3.8p1 sunfreeware
Sun's ssh has been removed, and /etc/ssh doesn't exist (i.e. no
old config files around)
ssh/sshd config files are set up to use hostbased auth based upon
OpenSSH man pages and snailbook.com FAQ
public keys are in ssh_known_hosts2 (grabbed using ssh-keyscan)
/etc/(s)hosts.equiv exists and is world readable
ssh-keysign is suid root and "EnableSSHKeysign yes" is in ssh_config
Situation: hostbased auth only works when I suid the ssh binary
Here's an edited snippet of debug output (-vvv) from the ssh client when
suid is not set:
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename
/users/chaplina/.ssh/known_hosts2
debug3: check_host_in_hostfile: filename
/usr/local/etc/ssh_known_hosts2
debug3: check_host_in_hostfile: match line 1
debug3: check_host_in_hostfile: filename
/users/chaplina/.ssh/known_hosts2
debug3: check_host_in_hostfile: filename
/usr/local/etc/ssh_known_hosts2
debug3: check_host_in_hostfile: match line 1
debug1: Host 'server.fqdn' is known and matches the RSA host key.
debug1: Found key in /usr/local/etc/ssh_known_hosts2:1
debug2: bits set: 498/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /users/chaplina/.ssh/id_rsa (0)
debug2: key: /users/chaplina/.ssh/id_dsa (0)
debug1: Authentications that can continue:
publickey,password,keyboard-interactive,hostbased
debug3: start over, passed a different list
publickey,password,keyboard-interactive,hostbased
debug3: preferred hostbased,publickey,keyboard-interactive,password
debug3: authmethod_lookup hostbased
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled hostbased
debug1: Next authentication method: hostbased
debug1: No more client hostkeys for hostbased authentication.
debug2: we did not send a packet, disable method
Here's the edited snippet when suid is set:
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename
/users/chaplina/.ssh/known_hosts2
debug3: check_host_in_hostfile: filename
/usr/local/etc/ssh_known_hosts2
debug3: check_host_in_hostfile: match line 1
debug3: check_host_in_hostfile: filename
/users/chaplina/.ssh/known_hosts2
debug3: check_host_in_hostfile: filename
/usr/local/etc/ssh_known_hosts2
debug3: check_host_in_hostfile: match line 1
debug1: Host 'server.fqdn' is known and matches the RSA host key.
debug1: Found key in /usr/local/etc/ssh_known_hosts2:1
debug2: bits set: 498/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /users/chaplina/.ssh/id_rsa (0)
debug2: key: /users/chaplina/.ssh/id_dsa (0)
debug1: Authentications that can continue:
publickey,password,keyboard-interactive,hostbased
debug3: start over, passed a different list
publickey,password,keyboard-interactive,hostbased
debug3: preferred hostbased,publickey,keyboard-interactive,password
debug3: authmethod_lookup hostbased
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled hostbased
debug1: Next authentication method: hostbased
debug2: userauth_hostbased: chost gort.canisius.edu.
debug2: we sent a hostbased packet, wait for reply
debug1: Remote: Accepted for client.fqdn [client ip] by
/etc/hosts.equiv.
debug1: Authentication succeeded (hostbased).
Any ideas?
...Andy
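Added example, not part of the original post: a small Python helper that rejoins the mail-wrapped `ssh -vvv` lines, reports how the hostbased attempt ended in each trace, and finds the first line where the two traces differ. The function names are hypothetical, and the sample traces are shortened excerpts of the two traces quoted in the post.

```python
import re

DEBUG_RE = re.compile(r"^debug[1-3]: ")

# Added example (hypothetical helper names); excerpts of the post's two traces, wrapping kept.
COMMON = """debug1: Authentications that can continue:
publickey,password,keyboard-interactive,hostbased
debug3: preferred hostbased,publickey,keyboard-interactive,password
debug1: Next authentication method: hostbased
"""
NO_SUID = COMMON + """debug1: No more client hostkeys for hostbased authentication.
debug2: we did not send a packet, disable method
"""
WITH_SUID = COMMON + """debug2: userauth_hostbased: chost gort.canisius.edu.
debug2: we sent a hostbased packet, wait for reply
debug1: Remote: Accepted for client.fqdn [client ip] by
/etc/hosts.equiv.
debug1: Authentication succeeded (hostbased).
"""

def unfold(trace):
    """Rejoin wrapped output: a line without a debugN: prefix continues the previous one."""
    lines = []
    for raw in filter(None, map(str.strip, trace.splitlines())):
        if DEBUG_RE.match(raw) or not lines:
            lines.append(raw)
        else:
            lines[-1] += " " + raw
    return lines

def hostbased_outcome(lines):
    """Report how the client's hostbased attempt ended, from its own debug messages."""
    marker = "debug1: Next authentication method: hostbased"
    if marker not in lines:
        return "not attempted"
    for line in lines[lines.index(marker) + 1:]:
        if "No more client hostkeys for hostbased authentication" in line:
            return "no client hostkeys"
        if "Authentication succeeded (hostbased)" in line:
            return "succeeded"
    return "attempted, not accepted"

def first_divergence(a, b):
    """Return (index, line_a, line_b) for the first differing unfolded line, or None."""
    return next(((i, x, y) for i, (x, y) in enumerate(zip(a, b)) if x != y), None)

if __name__ == "__main__":
    a, b = unfold(NO_SUID), unfold(WITH_SUID)
    print(hostbased_outcome(a), hostbased_outcome(b), first_divergence(a, b))
```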