Hi, Folks ...
Apologies in advance for the length of this message, but I wanted to
be thorough, and provide as much info as I could. I'm trying to
figure out a problem in trusted-host authentication using AIX hosts
as clients, and a Sun host as the server; either I'm missing
something real obvious, or there might be a bug somewhere in some
piece of software involved here.
-- All of the AIX hosts are at AIX 4.3.3-ML08
-- All of the AIX hosts are using OpenSSH 3.0.1p1, from the same compilation
-- All of the AIX hosts have identical /etc/ssh/ssh_config files
-- The Sun host is running OpenSSH 3.0.2p1 on Solaris 5.6
I'm attempting to get trusted host authentication for protocol 2
working, for a user account (existing on all four systems, with the
same UID and primary GID, but with local home directories, not NFS
mounted).
The following is identical for all of the AIX hosts:
$ ls -l `which ssh` ; ssh -V
-rws--x--x 1 root system 1034732 Dec 02 10:09 /usr/local/bin/ssh
OpenSSH_3.0.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090601f
And on the Sun server:
# /usr/local/sbin/sshd -V
sshd: option requires an argument -- V
sshd version OpenSSH_3.0.2p1
Usage: sshd [options]
...
In order to protect the innocent, I'm replacing the hostnames and IP
addresses in this mail with:
aixhost1 aa.aa.aa.aa
aixhost2 bb.bb.bb.bb
aixhost3 cc.cc.cc.cc
sunhost dd.dd.dd.dd
-- From all AIX systems, trusted-host authentication works fine, with
the three AIX hosts listed in the ~/.shosts file.
-- On one AIX system, trusted-host authentication works IF the user
account is a member of the "system" group. (in the details below,
this system will be "aixhost1")
-- On the other two AIX systems, trusted-host authentication fails,
with no difference seen if the user is a member of the "system" group
or not.
Here is the contents of the /etc/ssh/ssh_config file, which is
identical on all three AIX systems:
Host *
LogLevel ERROR
IdentityFile ~/.ssh/identity
IdentityFile ~/.ssh/id_dsa
IdentityFile ~/.ssh/id_rsa
UserKnownHostsFile ~/.ssh/known_hosts
GlobalKnownHostsFile /etc/ssh/ssh_known_hosts
XAuthLocation /usr/bin/X11/xauth
Protocol 2,1
Port 22
KeepAlive no
CheckHostIP yes
StrictHostKeyChecking ask
EscapeChar ~
Cipher 3des
Ciphers
blowfish-cbc,aes128-cbc,3des-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
MACs hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96
Compression no
CompressionLevel 6
ConnectionAttempts 1
HostKeyAlgorithms ssh-rsa,ssh-dss
UsePrivilegedPort yes
PreferredAuthentications
hostbased,publickey,keyboard-interactive,password
NoHostAuthenticationForLocalhost no
BatchMode no
PasswordAuthentication yes
NumberOfPasswordPrompts 3
RSAAuthentication yes
PubkeyAuthentication yes
UseRsh no
FallBackToRsh no
RhostsAuthentication yes
RhostsRSAAuthentication yes
HostbasedAuthentication yes
ClearAllForwardings no
ForwardAgent yes
ForwardX11 yes
GatewayPorts yes
On the Sun server, here is the /etc/ssh/sshd_config file ...
PidFile /etc/ssh/sshd.pid
Port 22
Protocol 2,1
ListenAddress 0.0.0.0
HostKey /etc/ssh/ssh_host_key
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
ServerKeyBits 768
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin no
IgnoreRhosts no
IgnoreUserKnownHosts no
StrictModes yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
KeepAlive yes
SyslogFacility DAEMON
LogLevel DEBUG
RhostsAuthentication no
RhostsRSAAuthentication yes
HostbasedAuthentication yes
RSAAuthentication yes
PasswordAuthentication yes
PermitEmptyPasswords no
UseLogin no
MaxStartups 10:20:40
ReverseMappingCheck no
Subsystem sftp /usr/local/libexec/sftp-server
The following log snippets are from the server-side. I've cut out
what I thought to be irrelevant parts.
===================Test #1 (succeeded)
===================
The user is "patrol", and is in the "system" group ...
aixhost1:patrol 350 /opt/patrol>id
uid=6737(patrol) gid=1012(patrol) groups=0(system)
aixhost1:patrol 351 /opt/patrol>ssh -2 sunhost uptime
1:27pm up 13 day(s), 2:45, 4 users, load average: 0.02, 0.02, 0.02
... and from the sshd server log ...
Jan 10 13:31:14 sunhost.stanford.edu sshd[6832]: Connection from
aa.aa.aa.aa port 732
Jan 10 13:31:14 sunhost.stanford.edu sshd[6832]: debug1: Client
protocol version 2.0; client software version OpenSSH_3.0.1p1
Jan 10 13:31:14 sunhost.stanford.edu sshd[6832]: debug1: match:
OpenSSH_3.0.1p1 pat ^OpenSSH
Jan 10 13:31:14 sunhost.stanford.edu sshd[6832]: Enabling
compatibility mode for protocol 2.0
Jan 10 13:31:14 sunhost.stanford.edu sshd[6832]: debug1: Local
version string SSH-1.99-OpenSSH_3.0.2p1
Jan 10 13:31:14 sunhost.stanford.edu sshd[6832]: debug1:
list_hostkey_types: ssh-rsa,ssh-dss
Jan 10 13:31:14 sunhost.stanford.edu sshd[6832]: debug1: SSH2_MSG_KEXINIT sent
Jan 10 13:31:14 sunhost.stanford.edu sshd[6832]: debug1:
SSH2_MSG_KEXINIT received
Jan 10 13:31:14 sunhost.stanford.edu sshd[6832]: debug1: kex:
client->server blowfish-cbc hmac-md5 none
Jan 10 13:31:14 sunhost.stanford.edu sshd[6832]: debug1: kex:
server->client blowfish-cbc hmac-md5 none
Jan 10 13:31:14 sunhost.stanford.edu sshd[6804]: debug1: Forked child 6832.
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1:
SSH2_MSG_KEX_DH_GEX_REQUEST received
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1:
SSH2_MSG_KEX_DH_GEX_GROUP sent
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1: dh_gen_key:
priv key bits set: 131/256
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1: bits set: 1024/2049
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1: expecting
SSH2_MSG_KEX_DH_GEX_INIT
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1: bits set: 1030/2049
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1:
SSH2_MSG_KEX_DH_GEX_REPLY sent
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1: kex_derive_keys
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1: newkeys: mode 1
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1: SSH2_MSG_NEWKEYS sent
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1: waiting for
SSH2_MSG_NEWKEYS
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1: newkeys: mode 0
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1:
SSH2_MSG_NEWKEYS received
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1: KEX done
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1:
userauth-request for user patrol service ssh-connection method none
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1: attempt 0 failures 0
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: Failed none for
patrol from aa.aa.aa.aa port 732 ssh2
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1:
userauth-request for user patrol service ssh-connection method
hostbased
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1: attempt 1 failures 1
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1:
userauth_hostbased: cuser patrol chost aixhost1.Stanford.EDU. pkalg
ssh-dss slen 55
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1:
temporarily_use_uid: 6737/1012 (e=0)
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1: restore_uid
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1:
temporarily_use_uid: 6737/1012 (e=0)
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1: restore_uid
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1:
temporarily_use_uid: 6737/1012 (e=0)
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1: restore_uid
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1:
ssh_dss_verify: signature correct
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: Accepted hostbased
for patrol from aa.aa.aa.aa port 732 ssh2
Jan 10 13:31:15 sunhost.stanford.edu sshd[6832]: debug1: Entering
interactive session for SSH2.
[ the above connection succeeded; the client used a privileged port,
and the server "Accepted hostbased" ]
===================Test #2 (failed)
===================
same system, same user, but removed from the "system" group ...
Jan 10 13:36:35 sunhost.stanford.edu sshd[6843]: Connection from
aa.aa.aa.aa port 36125
Jan 10 13:36:35 sunhost.stanford.edu sshd[6843]: debug1: Client
protocol version 2.0; client software version OpenSSH_3.0.1p1
Jan 10 13:36:35 sunhost.stanford.edu sshd[6843]: debug1: match:
OpenSSH_3.0.1p1 pat ^OpenSSH
Jan 10 13:36:35 sunhost.stanford.edu sshd[6843]: Enabling
compatibility mode for protocol 2.0
Jan 10 13:36:35 sunhost.stanford.edu sshd[6843]: debug1: Local
version string SSH-1.99-OpenSSH_3.0.2p1
Jan 10 13:36:35 sunhost.stanford.edu sshd[6843]: debug1: Rhosts
Authentication disabled, originating port 36125 not trusted.
[ note that a privileged port was NOT used, and thus the user was
prompted for a password ]
===================Test #3 (failed)
===================
another system, same user, and user is in the "system" group ...
Jan 10 13:40:08 sunhost.stanford.edu sshd[6848]: Connection from
bb.bb.bb.bb port 624
Jan 10 13:40:08 sunhost.stanford.edu sshd[6804]: debug1: Forked child 6848.
Jan 10 13:40:08 sunhost.stanford.edu sshd[6848]: debug1: Client
protocol version 2.0; client software version OpenSSH_3.0.1p1
Jan 10 13:40:08 sunhost.stanford.edu sshd[6848]: debug1: match:
OpenSSH_3.0.1p1 pat ^OpenSSH
Jan 10 13:40:08 sunhost.stanford.edu sshd[6848]: Enabling
compatibility mode for protocol 2.0
Jan 10 13:40:08 sunhost.stanford.edu sshd[6848]: debug1: Local
version string SSH-1.99-OpenSSH_3.0.2p1
Jan 10 13:40:08 sunhost.stanford.edu sshd[6848]: debug1:
list_hostkey_types: ssh-rsa,ssh-dss
Jan 10 13:40:08 sunhost.stanford.edu sshd[6848]: debug1: SSH2_MSG_KEXINIT sent
Jan 10 13:40:08 sunhost.stanford.edu sshd[6848]: debug1:
SSH2_MSG_KEXINIT received
Jan 10 13:40:08 sunhost.stanford.edu sshd[6848]: debug1: kex:
client->server blowfish-cbc hmac-md5 none
Jan 10 13:40:08 sunhost.stanford.edu sshd[6848]: debug1: kex:
server->client blowfish-cbc hmac-md5 none
Jan 10 13:40:08 sunhost.stanford.edu sshd[6848]: debug1:
SSH2_MSG_KEX_DH_GEX_REQUEST received
Jan 10 13:40:08 sunhost.stanford.edu sshd[6848]: debug1:
SSH2_MSG_KEX_DH_GEX_GROUP sent
Jan 10 13:40:08 sunhost.stanford.edu sshd[6848]: debug1: dh_gen_key:
priv key bits set: 130/256
Jan 10 13:40:08 sunhost.stanford.edu sshd[6848]: debug1: bits set: 1031/2049
Jan 10 13:40:08 sunhost.stanford.edu sshd[6848]: debug1: expecting
SSH2_MSG_KEX_DH_GEX_INIT
Jan 10 13:40:08 sunhost.stanford.edu sshd[6848]: debug1: bits set: 1025/2049
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1:
SSH2_MSG_KEX_DH_GEX_REPLY sent
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1: kex_derive_keys
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1: newkeys: mode 1
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1: SSH2_MSG_NEWKEYS sent
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1: waiting for
SSH2_MSG_NEWKEYS
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1: newkeys: mode 0
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1:
SSH2_MSG_NEWKEYS received
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1: KEX done
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1:
userauth-request for user patrol service ssh-connection method none
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1: attempt 0 failures 0
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: Failed none for
patrol from bb.bb.bb.bb port 624 ssh2
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1:
userauth-request for user patrol service ssh-connection method
hostbased
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1: attempt 1 failures 1
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1:
userauth_hostbased: cuser patrol chost aixhost2.Stanford.EDU. pkalg
ssh-dss slen 55
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1:
temporarily_use_uid: 6737/1012 (e=0)
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1: restore_uid
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1:
temporarily_use_uid: 6737/1012 (e=0)
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1: restore_uid
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1:
temporarily_use_uid: 6737/1012 (e=0)
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1: restore_uid
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1:
temporarily_use_uid: 6737/1012 (e=0)
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1: restore_uid
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: Failed hostbased for
patrol from bb.bb.bb.bb port 624 ssh2
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1:
userauth-request for user patrol service ssh-connection method
hostbased
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1: attempt 2 failures 2
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1:
userauth_hostbased: cuser patrol chost aixhost2.Stanford.EDU. pkalg
ssh-rsa slen 143
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1:
temporarily_use_uid: 6737/1012 (e=0)
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1: restore_uid
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1:
temporarily_use_uid: 6737/1012 (e=0)
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1: restore_uid
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1:
temporarily_use_uid: 6737/1012 (e=0)
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1: restore_uid
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1:
temporarily_use_uid: 6737/1012 (e=0)
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: debug1: restore_uid
Jan 10 13:40:09 sunhost.stanford.edu sshd[6848]: Failed hostbased for
patrol from bb.bb.bb.bb port 624 ssh2
[ privileged port was used, but hostbased auth was still not accepted ]
===================Test #4 (failed)
===================
same as test #3, but user is removed from "system" group ...
Jan 10 13:57:26 sunhost.stanford.edu sshd[6878]: Connection from
bb.bb.bb.bb port 893
Jan 10 13:57:26 sunhost.stanford.edu sshd[6804]: debug1: Forked child 6878.
Jan 10 13:57:26 sunhost.stanford.edu sshd[6878]: debug1: Client
protocol version 2.0; client software version OpenSSH_3.0.1p1
Jan 10 13:57:26 sunhost.stanford.edu sshd[6878]: debug1: match:
OpenSSH_3.0.1p1 pat ^OpenSSH
Jan 10 13:57:26 sunhost.stanford.edu sshd[6878]: Enabling
compatibility mode for protocol 2.0
Jan 10 13:57:26 sunhost.stanford.edu sshd[6878]: debug1: Local
version string SSH-1.99-OpenSSH_3.0.2p1
Jan 10 13:57:26 sunhost.stanford.edu sshd[6878]: debug1:
list_hostkey_types: ssh-rsa,ssh-dss
Jan 10 13:57:26 sunhost.stanford.edu sshd[6878]: debug1: SSH2_MSG_KEXINIT sent
Jan 10 13:57:26 sunhost.stanford.edu sshd[6878]: debug1:
SSH2_MSG_KEXINIT received
Jan 10 13:57:26 sunhost.stanford.edu sshd[6878]: debug1: kex:
client->server blowfish-cbc hmac-md5 none
Jan 10 13:57:26 sunhost.stanford.edu sshd[6878]: debug1: kex:
server->client blowfish-cbc hmac-md5 none
Jan 10 13:57:26 sunhost.stanford.edu sshd[6878]: debug1:
SSH2_MSG_KEX_DH_GEX_REQUEST received
Jan 10 13:57:26 sunhost.stanford.edu sshd[6878]: debug1:
SSH2_MSG_KEX_DH_GEX_GROUP sent
Jan 10 13:57:26 sunhost.stanford.edu sshd[6878]: debug1: dh_gen_key:
priv key bits set: 127/256
Jan 10 13:57:26 sunhost.stanford.edu sshd[6878]: debug1: bits set: 1023/2049
Jan 10 13:57:26 sunhost.stanford.edu sshd[6878]: debug1: expecting
SSH2_MSG_KEX_DH_GEX_INIT
Jan 10 13:57:26 sunhost.stanford.edu sshd[6878]: debug1: bits set: 1052/2049
Jan 10 13:57:26 sunhost.stanford.edu sshd[6878]: debug1:
SSH2_MSG_KEX_DH_GEX_REPLY sent
Jan 10 13:57:26 sunhost.stanford.edu sshd[6878]: debug1: kex_derive_keys
Jan 10 13:57:26 sunhost.stanford.edu sshd[6878]: debug1: newkeys: mode 1
Jan 10 13:57:26 sunhost.stanford.edu sshd[6878]: debug1: SSH2_MSG_NEWKEYS sent
Jan 10 13:57:26 sunhost.stanford.edu sshd[6878]: debug1: waiting for
SSH2_MSG_NEWKEYS
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1: newkeys: mode 0
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1:
SSH2_MSG_NEWKEYS received
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1: KEX done
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1:
userauth-request for user patrol service ssh-connection method none
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1: attempt 0 failures 0
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: Failed none for
patrol from bb.bb.bb.bb port 893 ssh2
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1:
userauth-request for user patrol service ssh-connection method
hostbased
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1: attempt 1 failures 1
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1:
userauth_hostbased: cuser patrol chost aixhost2.Stanford.EDU. pkalg
ssh-dss slen 55
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1:
temporarily_use_uid: 6737/1012 (e=0)
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1: restore_uid
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1:
temporarily_use_uid: 6737/1012 (e=0)
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1: restore_uid
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1:
temporarily_use_uid: 6737/1012 (e=0)
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1: restore_uid
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1:
temporarily_use_uid: 6737/1012 (e=0)
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1: restore_uid
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: Failed hostbased for
patrol from bb.bb.bb.bb port 893 ssh2
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1:
userauth-request for user patrol service ssh-connection method
hostbased
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1: attempt 2 failures 2
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1:
userauth_hostbased: cuser patrol chost aixhost2.Stanford.EDU. pkalg
ssh-rsa slen 143
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1:
temporarily_use_uid: 6737/1012 (e=0)
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1: restore_uid
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1:
temporarily_use_uid: 6737/1012 (e=0)
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1: restore_uid
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1:
temporarily_use_uid: 6737/1012 (e=0)
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1: restore_uid
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1:
temporarily_use_uid: 6737/1012 (e=0)
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: debug1: restore_uid
Jan 10 13:57:27 sunhost.stanford.edu sshd[6878]: Failed hostbased for
patrol from bb.bb.bb.bb port 893 ssh2
[ client again used privileged port, but user was still denied ]
==============================================================================
If I'm missing something obvious, I'd appreciate it if someone would
point it out, and I'd gladly dope-slap myself. If there does indeed
seem to be some issue there, it would be great if someone with more
coding experience (which would be just about everyone) could point me
in the proper direction.
I should also note that this works fine when going from a sun host as
a client and a sun host as the server.
Thanks, --Sandy
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Sandor W. Sklar - Unix Systems Administrator - Stanford University ITSS
Non impediti ratione cogitationis.
<http://whippet.stanford.edu/~ssklar/>
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=