J.S.Peatfield at damtp.cam.ac.uk
2001-May-08 23:38 UTC
HostbasedAuthentication, and my sillyness
Maybe I just can't read properly, but I just spent the best part of a day trying to work out why HostbasedAuthentication wouldn't work for me (with protocol 2 in openssh-2.9p1). It seems (though maybe there is something wrong with my install), that after enabling it in the sshd_config it doesn't work, since the client will not in fact request it (by default). I was fooled by the statement in the ssh man page about HostbasedAuthentication that the client supports this by default (well it is set to "yes"). While it supports it, it seems that the default value for PreferredAuthentications is set to: publickey,password,keyboard-interactive,hostbased so it starts prompting for a password before getting that far. Setting the list to: publickey,hostbased,password,keyboard-interactive in ssh_config seems to do the trick, but even having added this I still can't find anything obvious which I should have seen before. If nothing else I'd suggest a statement in the ssh man page in the section for HostbasedAuthentication saying that one needs to alter the PreferredAuthentications before it is likely to work. Looking at the code in sshconnect2.c it seems to default to the order in the authmethods array, is there any reason not to patch that to place hostbased before password? Am I missing something, is this a subtle hint that we should not actually use hostbasedauthentication? -- Jon
On Wed, May 09, 2001 at 12:38:43AM +0100, J.S.Peatfield at damtp.cam.ac.uk wrote:> Looking at the code in sshconnect2.c it seems to default to the order > in the authmethods array, is there any reason not to patch that to > place hostbased before password?no.
Maybe Matching Threads
- [Bug 376] New: HostbasedAuthentication, followed snailbook but not working! :-(
- hostbased failing and can't derive reason of failure in debugging output
- Non-root hostname auth problem
- OpenSSH_6.7p1 hostbased authentication failing on linux->linux connection. what's wrong with my config?
- apparent ssh_config fascism