We tried using links to the keys as well and it failed.
I didn't get into the code to see why, I just know that
when we took out the links and copied the files instead,
it worked fine for our particular configuration.
Take that part out of the equation and see where you
are then.

Siegmar Gross wrote:
> Hi,
>
> we have installed OpenSSH_3.7.1 in /usr/local. In our environment all
> machines mount /usr/local via NFS and automounter from a server. Because
> every machine should use its own keys (otherwise we had to export the
> directory with root privileges so that every machine could read the
> private keys from /usr/local/etc/ssh), we created the keys in /etc/ssh
> and modified the configuration files appropriately. We wanted to use
> hostbased authentication.
>
>
> tyr fd1026 62 ssh -v
> OpenSSH_3.7.1p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7c 30 Sep 2003
>
> tyr fd1026 63 ps -aef | grep ssh
> root 4924 1 0 17:53:10 ? 0:00 /usr/local/sbin/sshd -f /usr/local/etc/ssh/sshd_config -p 22
>
>
> tyr fd1026 64 alias ssh
> ssh -q -F /usr/local/etc/ssh/ssh_config
>
>
> tyr fd1026 65 cd /usr/local/etc/ssh
> tyr ssh 66 grep ssh_host *config
> sshd_config:HostKey /etc/ssh/ssh_host_key
> sshd_config:HostKey /etc/ssh/ssh_host_rsa_key
> sshd_config:HostKey /etc/ssh/ssh_host_dsa_key
>
> tyr ssh 67 grep ssh_known *config
> ssh_config:GlobalKnownHostsFile2 /usr/local/etc/ssh/ssh_known_hosts2
> sshd_config:# /usr/local/etc/ssh/ssh_known_hosts
>
>
> Now we created ~/.shosts and tried a connection. Unfortunately we always
> had to present a password. Debugging ssh and sshd didn't solve the problem.
> At least we tried to insert some links into /usr/local/etc/ssh
>
> ssh_host_dsa_key -> /etc/ssh/ssh_host_dsa_key
> ssh_host_dsa_key.pub -> /etc/ssh/ssh_host_dsa_key.pub
> ssh_host_key -> /etc/ssh/ssh_host_key
> ssh_host_key.pub -> /etc/ssh/ssh_host_key.pub
> ssh_host_rsa_key -> /etc/ssh/ssh_host_rsa_key
> ssh_host_rsa_key.pub -> /etc/ssh/ssh_host_rsa_key.pub
>
> With these links OpenSSH behaves as expected. We don't understand why these
> links are necessary. Doesn't OpenSSH interpret the configuration files as
> expected or have we made a mistake? Please let me know if you are interested
> in the configuration files or any other information. I would be grateful if
> somebody can give us a hint which solves our confusion.
>
>
> Kind regards
>
> Siegmar
>
>
>
> ##############################################################################
> #
> # Fachhochschule Fulda           University of Applied Sciences
> # FB Angewandte Informatik       Department of Applied Computer Sciences
> #
> # Prof. Dr. Siegmar Gross        Tel.: +49 (661) 9640 - 333
> #                                Fax: +49 (661) 9640 - 349
> # Marquardstr. 35                WWW: http://www.fh-fulda.de/~gross
> #                                E-Mail: siegmar.gross at informatik.fh-fulda.de
> # D-36039 Fulda                  sgross at acm.org
> #
> ##############################################################################
>
--
wendy palm
Cray Open Software Development, Cray Inc.
wendyp at cray.com, 651-605-9154