Marc Owen
2003-Dec-07 06:05 UTC
hostbased failing and can't derive reason of failure in debugging output
Hello, I've troubles getting the hostbased method to work. I've given up on system-to-system for now (different versions), and I'm just trying to debug localhost. As far as I can see, the key is accepted, but then a sudden "Failed hostbased" is returned: [...] debug3: mm_answer_keyallowed: key 0x8099bc0 is disallowed debug3: mm_append_debug: Appending debug messages for child debug3: mm_request_send entering: type 21 debug3: mm_request_receive entering debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED debug3: mm_request_receive_expect entering: type 21 debug3: mm_request_receive entering debug3: mm_send_debug: Sending debug: Accepted for hostname.domainname.tld [192.168.1.5] by /etc/ssh/shosts.equiv. debug2: userauth_hostbased: authenticated 0 Failed hostbased for anna from 192.168.1.5 port 33148 ssh2 [...] The full output is in the attachment, if I've been snipping too much (I hope it doesn't get stripped off by the mailing list software). Some basic configuration info: ssh_config (stripped): Host hostname.domainname.tld PreferredAuthentications hostbased,publickey,password HostbasedAuthentication yes GlobalKnownHostsFile /etc/ssh/ssh_known_hosts2 CheckHostIP yes StrictHostKeyChecking ask Protocol 2 sshd_config (stripped): Protocol 2 HostbasedAuthentication yes IgnoreRhosts no shosts.equiv (stripped): 192.168.1.5 hostname.domainname.tld + + (Last line just for testing, obviously.) ls /etc/ssh/: ssh_host_dsa_key ssh_host_dsa_key.pub ssh_host_key ssh_host_key.pub ssh_host_rsa_key ssh_host_rsa_key.pub ssh_known_hosts@ ssh_known_hosts2 [...] ssh-keysign is setuid root; ssh version is 3.4p1/3.6.1p2-10(tried both). Thanks for any help... -------------- next part -------------- A non-text attachment was scrubbed... Name: delme Type: application/octet-stream Size: 12360 bytes Desc: not available Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20031207/7eb93ed1/attachment.obj
Tim Rice
2003-Dec-08 01:23 UTC
hostbased failing and can't derive reason of failure in debugging output
On Sun, 7 Dec 2003, Marc Owen wrote:> > Hello, > > I've troubles getting the hostbased method to work. I've given up on > system-to-system for now (different versions), and I'm just trying to > debug localhost. As far as I can see, the key is accepted, but then a > sudden "Failed hostbased" is returned: >[snip]> Some basic configuration info: > > ssh_config (stripped): > Host hostname.domainname.tld > PreferredAuthentications hostbased,publickey,password > HostbasedAuthentication yes > GlobalKnownHostsFile /etc/ssh/ssh_known_hosts2 > CheckHostIP yes > StrictHostKeyChecking ask > Protocol 2[snip] Add this to the end of your ssh_config Host * EnableSSHKeysign yes -- Tim Rice Multitalents (707) 887-1469 tim at multitalents.net