I am seeing the same issues as another recent post, hostbased authentication in 3.4p1 not seeming to work. I tried the ssh-keysign.c patch posted, didn't seem to fix the problem. Details: Solaris 7, OpenSSH 3.4p1, OpenSSL 0.9.6d Key from client ssh_host_rsa_key.pub copied to server /etc/ssh/ssh_known_hosts2 with comma-separated client hostnames added to front and a blank space before rest of key entry. debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts2 debug3: check_host_in_hostfile: match line 1 debug2: check_key_in_hostfiles: key ok for bester.cad.gatech.edu debug3: mm_answer_keyallowed: key 1323b0 is allowed debug3: mm_append_debug: Appending debug messages for child debug3: mm_request_send entering: type 21 debug3: mm_request_receive entering debug3: mm_send_debug: Sending debug: Accepted for bester.cad.gatech.edu [130.20 7.84.20] by /etc/ssh/shosts.equiv. debug3: mm_key_verify entering debug3: mm_request_send entering: type 22 debug3: monitor_read: checking request 22 ssh_rsa_verify: RSA_verify failed: error:04077068:lib(4):func(119):reason(104) debug1: ssh_rsa_verify: signature incorrect debug3: mm_answer_keyverify: key 132398 signature unverified debug3: mm_request_send entering: type 23 Failed hostbased for vf5 from 130.207.84.20 port 33083 ssh2 debug3: mm_request_receive entering debug3: mm_key_verify: waiting for MONITOR_ANS_KEYVERIFY debug3: mm_request_receive_expect entering: type 23 debug3: mm_request_receive entering debug2: userauth_hostbased: authenticated 0 Failed hostbased for vf5 from 130.207.84.20 port 33083 ssh2 debug1: userauth-request for user vf5 service ssh-connection method keyboard-int eractive debug1: attempt 3 failures 3 debug2: input_userauth_request: try method keyboard-interactive Still getting an error from ssh_rsa_verify. Additionally I note in the debug output that despite trying to set in sshd_config the variable AuthorizedKeysFile /etc/ssh/authorized_keys that ssh -d -d -d output does not show it checking that file at all. I had to move it to /etc/ssh/ssh_known_hosts2 to get even this far. -- "Who needs horror movies when we have Microsoft"? -- Christine Comaford, PC Week, 27/9/95
On Fri, Jun 28, 2002 at 11:35:00AM -0400, Vincent Fox wrote:> I am seeing the same issues as another recent post, hostbased > authentication in 3.4p1 not seeming to work. I tried the ssh-keysign.c > patch posted, didn't seem to fix the problem.this is a know bug, check this for a patch: http://bugzilla.mindrot.org/show_bug.cgi?id=304 this will be fixed in 3.5, sorry.
Maybe Matching Threads
- [Bug 382] New: Privilege Separation breaks HostbasedAuthentication
- hostbased failing and can't derive reason of failure in debugging output
- [Bug 356] New: 3.4p1 hostbased authentication between Linux and Solaris
- OpenSSH 3.4p1 hostbased auth - howto?
- openssh 3.5p1 hostbased authentication