I'm trying to use HostbasedAuthentication. Running ssh -v -v -v user at host the following error occurs: debug3: authmethod_is_enabled hostbased debug1: next auth method to try is hostbased debug2: userauth_hostbased: chost <host> debug2: we did not send a packet, disable method What does this mean ? I enabled HostbasedAuthentication in /etc/ssh/ssh_config and as it looks, this setting is used correctly. So what's wrong ? - Alex
your ssh client cannot read the hostkey (setuid?). On Mon, Oct 29, 2001 at 11:12:11AM +0100, Dost, Alexander wrote:> I'm trying to use HostbasedAuthentication. Running ssh -v -v -v user at host > the following error occurs: > > debug3: authmethod_is_enabled hostbased > debug1: next auth method to try is hostbased > debug2: userauth_hostbased: chost <host> > debug2: we did not send a packet, disable method > > What does this mean ? I enabled HostbasedAuthentication in > /etc/ssh/ssh_config and as it looks, this setting is used correctly. So > what's wrong ? > > - Alex >
Ok. Seems to be a problem within the package we use for ssh. suid was not set. Thanks. Next step: now I get: debug2: xxx: chost <host> debug2: we sent a hostbased packet, wait for reply debug1: Remote: Accepted for <host> by /etc/hosts.equiv. debug1: authentications that can continue: publickey,password,keyboard-interactive,hostbased debug2: userauth_hostbased: chost <host> debug2: we did not send a packet, disable method ... now it tries the other authentications.. Whats the problem this time ?> -----Original Message----- > From: Markus Friedl [SMTP:markus at openbsd.org] > Sent: Monday, October 29, 2001 11:20 > To: Dost, Alexander > Cc: openssh-unix-dev at mindrot.org > Subject: Re: HostbasedAuthentication problem > > your ssh client cannot read the hostkey (setuid?). > > On Mon, Oct 29, 2001 at 11:12:11AM +0100, Dost, Alexander wrote: > > I'm trying to use HostbasedAuthentication. Running ssh -v -v -v > user at host > > the following error occurs: > > > > debug3: authmethod_is_enabled hostbased > > debug1: next auth method to try is hostbased > > debug2: userauth_hostbased: chost <host> > > debug2: we did not send a packet, disable method > > > > What does this mean ? I enabled HostbasedAuthentication in > > /etc/ssh/ssh_config and as it looks, this setting is used correctly. So > > what's wrong ? > > > > - Alex > >If you have received this e-mail in error or wish to read our e-mail disclaimer statement and monitoring policy, please refer to http://www.drkw.com/disc/email/ or contact the sender.
I use another base-dir for the installation, but in the corresponding etc directory is the file ssh_known_hosts, which is readable for everyone and contains the rsa and dsa keys, I got with ssh-keyscan from the machine, where I try to ssh from. Is there anything else to do ? I tried a link to /etc/ssh_known_hosts just to see if ssh always looks there... On the machine running sshd there is the hint that hostbased auth is tried first with ssh-dss and then with ssh-rsa, both of them fail, but no hint, why.> -----Original Message----- > From: Markus Friedl [SMTP:markus at openbsd.org] > Sent: Monday, October 29, 2001 11:51 > To: Dost, Alexander > Cc: openssh-unix-dev at mindrot.org > Subject: Re: HostbasedAuthentication problem > > sshd(8), ssh(1), check /etc/ssh_known_hosts* > > On Mon, Oct 29, 2001 at 11:46:54AM +0100, Dost, Alexander wrote: > > Ok. Seems to be a problem within the package we use for ssh. suid was > not > > set. Thanks. > > Next step: > > now I get: > > debug2: xxx: chost <host> > > debug2: we sent a hostbased packet, wait for reply > > debug1: Remote: Accepted for <host> by /etc/hosts.equiv. > > debug1: authentications that can continue: > > publickey,password,keyboard-interactive,hostbased > > debug2: userauth_hostbased: chost <host> > > debug2: we did not send a packet, disable method > > ... > > now it tries the other authentications.. > > Whats the problem this time ? > > > > > -----Original Message----- > > > From: Markus Friedl [SMTP:markus at openbsd.org] > > > Sent: Monday, October 29, 2001 11:20 > > > To: Dost, Alexander > > > Cc: openssh-unix-dev at mindrot.org > > > Subject: Re: HostbasedAuthentication problem > > > > > > your ssh client cannot read the hostkey (setuid?). > > > > > > On Mon, Oct 29, 2001 at 11:12:11AM +0100, Dost, Alexander wrote: > > > > I'm trying to use HostbasedAuthentication. Running ssh -v -v -v > > > user at host > > > > the following error occurs: > > > > > > > > debug3: authmethod_is_enabled hostbased > > > > debug1: next auth method to try is hostbased > > > > debug2: userauth_hostbased: chost <host> > > > > debug2: we did not send a packet, disable method > > > > > > > > What does this mean ? I enabled HostbasedAuthentication in > > > > /etc/ssh/ssh_config and as it looks, this setting is used correctly. > So > > > > what's wrong ? > > > > > > > > - Alex > > > > > > > > > > If you have received this e-mail in error or wish to read our e-mail > disclaimer statement and monitoring policy, please refer to > > http://www.drkw.com/disc/email/ or contact the sender.
On Mon, Oct 29, 2001 at 12:26:11PM +0100, Dost, Alexander wrote:> I use another base-dir for the installation, but in the corresponding etc > directory is the file ssh_known_hosts, which is readable for everyone and > contains the rsa and dsa keys, I got with ssh-keyscan from the machine, > where I try to ssh from. Is there anything else to do ? I tried a link to > /etc/ssh_known_hosts just to see if ssh always looks there... > On the machine running sshd there is the hint that hostbased auth is tried > first with ssh-dss and then with ssh-rsa, both of them fail, but no hint, > why.what is the sshd debug output? make sure chost from the ssh output is in ssh_known_hosts -m
Ok. That did it. There was a problem with short/long names. As we use DNS, the names are resolved to long names, and ssh-keyscan delivered only short names. Changing the ssh_known_hosts-entries to long names made it work. Thanks a lot - Alex> -----Original Message----- > From: Markus Friedl [SMTP:markus at openbsd.org] > Sent: Monday, October 29, 2001 12:47 > To: Dost, Alexander > Cc: openssh-unix-dev at mindrot.org > Subject: Re: HostbasedAuthentication problem > > On Mon, Oct 29, 2001 at 12:26:11PM +0100, Dost, Alexander wrote: > > I use another base-dir for the installation, but in the corresponding > etc > > directory is the file ssh_known_hosts, which is readable for everyone > and > > contains the rsa and dsa keys, I got with ssh-keyscan from the machine, > > where I try to ssh from. Is there anything else to do ? I tried a link > to > > /etc/ssh_known_hosts just to see if ssh always looks there... > > On the machine running sshd there is the hint that hostbased auth is > tried > > first with ssh-dss and then with ssh-rsa, both of them fail, but no > hint, > > why. > > what is the sshd debug output? > > make sure chost from the ssh output is in ssh_known_hosts > > -m
Maybe Matching Threads
- OpenSSH_6.7p1 hostbased authentication failing on linux->linux connection. what's wrong with my config?
- Hostbased Authentication Question
- Non-root hostname auth problem
- OpenSSH_6.7p1 hostbased authentication failing on linux->linux connection. what's wrong with my config?
- Trailing dot is not removed from client hostname if HostbasedUsesNameFromPacketOnly is yes