OpenSSH, PAM and Host Based Authentication
From: tubabeat (kevin_at_kevinspicer.co.uk)
Date: 12/20/04
Date: 20 Dec 2004 06:12:05 -0800
Hello,
I'm having a few problems getting the above combination to work as
expected...
I'm trying to get to a situation where my machines will accept host
based authentication from each other, but require users to log in with
a password from elsewhere. I've set up a PAM stack (using pam_ldap)
that works fine and set up hosts.equiv and ssh_known_hosts2. However,
with both...
HostbasedAuthentication yes
and
usePam yes
I am unable to log in from the hosts listed in shosts.equiv. Doing an
ssh -v -v hostname I see....
debug2: we sent a hostbased packet, wait for reply
debug1: Remote: Accepted for myserver.mydomainl [xxx.xxx.xxx.xxx] by \
/etc/hosts.equiv.
But I still get prompted for a password - even if I enter a correct
password I'm still not allowed access.
If I disable HostbasedAuthentication, password based login works fine.
Likewise, if I set usePAM no, host based authentication works, but then
my LDAP users cannot authenticate using a password from other machines.
I'm using OpenSSH 3.9.p1 (from the sunfreeware package) on Solaris 9
sparc with Sun's pam_ldap.
The non-default sections of my sshd_config follow:
Protocol 2
PermitRootLogin no
HostbasedAuthentication yes
PasswordAuthentication no
UsePAM yes
PrintMotd no
Banner /usr/local/etc/ssh_banner
Subsystem sftp /usr/local/libexec/sftp-server