1 |
Hi, folks, |
2 |
|
3 |
I'd like to get host based ssh authentication working within |
4 |
all the gentoo boxes on my home network. I've had no |
5 |
success yet - I hope someone can enlighten me! |
6 |
|
7 |
What I've done so far on the server side is: |
8 |
|
9 |
set HostbasedAuthentication yes in sshd_config |
10 |
set HostbasedAuthentication yes in ssh_config |
11 |
added /etc/ssh/shosts.equiv containing names of client boxes |
12 |
added /etc/ssh/ssh_known_hosts containing public host keys of |
13 |
client boxes |
14 |
|
15 |
Client boxes are configured similarly. |
16 |
|
17 |
When I try to ssh from one box to another, I always get a request |
18 |
for a password, which is what I'm trying to avoid. |
19 |
|
20 |
Below is an excerpt from an attempt to ssh from one box to another |
21 |
while requesting the maximum amount of debugging info. It looks |
22 |
like ssh is trying to use host based authentication, but for some |
23 |
reason it fails. I'd appreciate any ideas about what might be |
24 |
going wrong. |
25 |
|
26 |
John Blinka |
27 |
|
28 |
|
29 |
|
30 |
|
31 |
debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts |
32 |
debug3: check_host_in_hostfile: match line 5 |
33 |
debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts |
34 |
debug3: check_host_in_hostfile: match line 5 |
35 |
debug1: Host 'tobey' is known and matches the RSA host key. |
36 |
debug1: Found key in /root/.ssh/known_hosts:5 |
37 |
debug2: bits set: 469/1024 |
38 |
debug1: ssh_rsa_verify: signature correct |
39 |
debug2: kex_derive_keys |
40 |
debug2: set_newkeys: mode 1 |
41 |
debug1: SSH2_MSG_NEWKEYS sent |
42 |
debug1: expecting SSH2_MSG_NEWKEYS |
43 |
debug2: set_newkeys: mode 0 |
44 |
debug1: SSH2_MSG_NEWKEYS received |
45 |
debug1: SSH2_MSG_SERVICE_REQUEST sent |
46 |
debug2: service_accept: ssh-userauth |
47 |
debug1: SSH2_MSG_SERVICE_ACCEPT received |
48 |
debug2: key: /root/.ssh/identity ((nil)) |
49 |
debug2: key: /root/.ssh/id_rsa (0x8095528) |
50 |
debug2: key: /root/.ssh/id_dsa (0x80964c0) |
51 |
debug1: Authentications that can continue: |
52 |
publickey,keyboard-interactive,hostbased |
53 |
debug3: start over, passed a different list |
54 |
publickey,keyboard-interactive,hostbased |
55 |
debug3: preferred hostbased,publickey,keyboard-interactive,password |
56 |
debug3: authmethod_lookup hostbased |
57 |
debug3: remaining preferred: publickey,keyboard-interactive,password |
58 |
debug3: authmethod_is_enabled hostbased |
59 |
debug1: Next authentication method: hostbased |
60 |
debug2: userauth_hostbased: chost lotus.bluebar.org. |
61 |
debug2: we sent a hostbased packet, wait for reply |
62 |
debug1: Authentications that can continue: |
63 |
publickey,keyboard-interactive,hostbased |
64 |
debug2: userauth_hostbased: chost lotus.bluebar.org. |
65 |
debug2: we sent a hostbased packet, wait for reply |
66 |
debug1: Authentications that can continue: |
67 |
publickey,keyboard-interactive,hostbased |
68 |
debug1: No more client hostkeys for hostbased authentication. |
69 |
debug2: we did not send a packet, disable method |
70 |
|
71 |
-- |
72 |
gentoo-user@g.o mailing list |