Displaying 20 results from an estimated 132 matches for "hostbasedauthentication".
2001 Oct 29
5
HostbasedAuthentication problem
I'm trying to use HostbasedAuthentication. Running ssh -v -v -v user at host
the following error occurs:
debug3: authmethod_is_enabled hostbased
debug1: next auth method to try is hostbased
debug2: userauth_hostbased: chost <host>
debug2: we did not send a packet, disable method
What does this mean ? I enabled HostbasedAuthenticati...
2016 Dec 19
5
Do people use HostbasedAuthentication?
Do people actually use HostbasedAuthentication? It needs several
steps to enable and generally seems quite arcane by now. I wonder
if this is something that could be trimmed away...
--
Christian "naddy" Weisgerber naddy at mips.inka.de
2002 Oct 15
3
OpenSSH 3.5 released
...g).
* ssh(1) prints out all known host keys for a host if it receives an
unknown host key of a different type.
* Fixed AES/Rijndael EVP integration for OpenSSL < 0.9.7 (caused
problems with bounds checking patches for gcc).
* ssh-keysign(8) is disabled by default and only enabled if the
HostbasedAuthentication option is enabled in the global ssh_config(5)
file.
* ssh-keysign(8) uses RSA blinding in order to avoid timing attacks
against the RSA host key.
* A use-after-free bug was fixed in ssh-keysign(8). This bug
broke hostbased authentication on several platforms.
* ssh-agent(1) is now install...
2002 Oct 15
3
OpenSSH 3.5 released
...g).
* ssh(1) prints out all known host keys for a host if it receives an
unknown host key of a different type.
* Fixed AES/Rijndael EVP integration for OpenSSL < 0.9.7 (caused
problems with bounds checking patches for gcc).
* ssh-keysign(8) is disabled by default and only enabled if the
HostbasedAuthentication option is enabled in the global ssh_config(5)
file.
* ssh-keysign(8) uses RSA blinding in order to avoid timing attacks
against the RSA host key.
* A use-after-free bug was fixed in ssh-keysign(8). This bug
broke hostbased authentication on several platforms.
* ssh-agent(1) is now install...
2001 May 08
1
HostbasedAuthentication, and my sillyness
Maybe I just can't read properly, but I just spent the best part of a
day trying to work out why HostbasedAuthentication wouldn't work for
me (with protocol 2 in openssh-2.9p1).
It seems (though maybe there is something wrong with my install), that
after enabling it in the sshd_config it doesn't work, since the client
will not in fact request it (by default).
I was fooled by the statement in the ssh man pag...
2002 Aug 07
0
[Bug 376] HostbasedAuthentication, followed snailbook but not working! :-(
...76
rlebar at erac.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
Summary|HostbasedAuthentication, |HostbasedAuthentication,
|followed snailbook but not |followed snailbook but not
|working! :-( |working! :-(
------- Additional Comments From rlebar at erac.com 2002-08-08 03:06 -------
Never mind. I needed to put shosts.equiv in /opt/e...
2002 Jul 19
1
OpenSSH 3.4p1 hostbased auth - howto?
...you enable hostbased authentication in OpenSSH?
I have two Red Hat 7.3 machines running openssh-3.4p1, and I would like to
be able to ssh from either of the machines to the other, as any user,
without using passwords or per-user keys.
My /etc/ssh/sshd_config contains:
[...]
IgnoreRhosts no
HostbasedAuthentication yes
[...]
My /etc/ssh/ssh_config contains:
[...]
HostbasedAuthentication yes
[...]
I created the known hosts file like so:
box1# cd /etc/ssh
box1# cp ssh_host_dsa_key.pub ssh_known_hosts2
I replicated the config directory:
box2# rm -rf /etc/ssh
box2# mkdir /etc/ssh
box2# chown...
2001 Apr 25
0
Minor bug in HostbasedAuthentication
When using "HostbasedUsesNameFromPacketOnly yes", the ssh client sends the
hostname with a trailing dot, but the server does not strip off the
trailing dot when matching against .shosts et. al., or when looking up keys
in ssh_known_hosts2. This causes the host to not be found. Adding the
hostname with trailing dot to the config files "fixes" this, but I think
sshd should
2002 Sep 10
0
[Bug 382] Privilege Separation breaks HostbasedAuthentication
http://bugzilla.mindrot.org/show_bug.cgi?id=382
markus at openbsd.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
------- Additional Comments From markus at openbsd.org 2002-09-11
2002 Jan 07
1
Non-root hostname auth problem
All:
I have a problem connecting Openssh 3.0.2p1 on Solaris 8 using hostname
authentication for non-root users. When I connect to the sshd from a
second machine as root it works fine using HostbasedAuthentication, but it
always fails with non-root users.
I suspect that I am having a permissions problem somewhere, but I'll be
damned if I can figure out where.
Any and all help appreciated.
-David
Relevant file snippets below:
****************
Error message generated from the server-side command...
2003 Sep 13
2
CVS is missing documentation for HostbasedUsesNameFromPacketOnly
I'm attaching a simple doc patch against current CVS - feel free to re-word
it as you see fit. I also noticed that if UseDNS is no,
HostbasedUsesNameFromPacketOnly _must_ be yes if you want
HostbasedAuthentication to work.
--
Carson
-------------- next part --------------
--- sshd_config.5.DIST 2003-09-13 02:25:18.365707000 -0400+++ sshd_config.5 2003-09-13 02:46:29.430974000 -0400@@ -245,6 +245,16 @@ and applies to protocol version 2 only. The default is .Dq no .+.It Cm HostbasedUsesNameFromPacketOnly+Spe...
2005 May 17
3
feature: RequiredAuthentications
...norant question, maybe I'm missing something ...
Is there a way for a sshd server to be able to enforce both
client host key authentication as well as user authentication,
say for roving user-administered laptops.
So a sysadmin can restrict access to allow only client hosts
which can pass the HostbasedAuthentication tests,
whatever the current IP name/address, but still insist on the user
authenticating themselves (by password say). Is this possible?
I see there's a SSH2 configuration of RequiredAuthentications which
might allow the sysadmin to specify two authentications required, but
it's not in o...
2015 Jan 09
5
OpenSSH_6.7p1 hostbased authentication failing on linux->linux connection. what's wrong with my config?
...ec] [-c host_cert_file]
[-E log_file] [-f config_file] [-g login_grace_time]
[-h host_key_file] [-k key_gen_time] [-o option] [-p port]
I have configured for hostbased authentication
client ssh_config
...
PreferredAuthentications hostbased,publickey
HostbasedAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
...
server sshd_config
...
AuthenticationMethods hostbased,publickey
HostbasedAuthentication yes
HostbasedUsesNameFromPacketOnly yes
PubkeyAuthentication...
2002 Aug 07
0
[Bug 382] New: Privilege Separation breaks HostbasedAuthentication
http://cvs-mirror.mozilla.org/webtools/bugzilla/show_bug.cgi?id=382
Summary: Privilege Separation breaks HostbasedAuthentication
Product: Portable OpenSSH
Version: -current
Platform: Sparc
OS/Version: Solaris
Status: NEW
Severity: major
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
ReportedBy: rlebar at...
2002 Aug 01
0
[Bug 376] New: HostbasedAuthentication, followed snailbook but not working! :-(
http://bugzilla.mindrot.org/show_bug.cgi?id=376
Summary: HostbasedAuthentication, followed snailbook but not
working! :-(
Product: Portable OpenSSH
Version: -current
Platform: UltraSparc
URL: http://groups.google.com/groups?dq=&hl=en&lr=&ie=UTF-
8&group=comp.security.ssh&s...
2003 Feb 28
1
Hostbased Authentication Question
...d" line. If I have all my host keys
in /etc/ssh/ssh_known_hosts on the server I'm trying to connect to, it
should allow me in. Right? I've tried all 3 at the same time, then
seperately, and nothing. I've also tried generating new keys, that didn't
work either.
Yes I have HostbasedAuthentication set to yes in /etc/ssh/sshd_config on
the server i'm connecting to.
I do have HostbasedAuthentication set to yes in /etc/ssh/ssh_config on the
client i'm coming from.
I also have an /etc/ssh/shosts.equiv file on the server.
My DSN is setup correctly on both systems, there are no proble...
2003 Oct 07
2
EnableSSHKeysign
It looks like host based authentication will not work if you
attempt to set EnableSSHKeysign on a per host basis.
Ie. This does not work.
-------
Host ou8
HostName ou8.somedomain.com
HostbasedAuthentication yes
EnableSSHKeysign yes
NoHostAuthenticationForLocalhost yes
-------
Unless you also add
-----
Host *
EnableSSHKeysign yes
-----
Is this the intended behavior?
--
Tim Rice Multitalents (707) 887-1469
tim at multitalents.net
2003 Dec 07
1
hostbased failing and can't derive reason of failure in debugging output
...sh2
[...]
The full output is in the attachment, if I've been snipping too much (I
hope it doesn't get stripped off by the mailing list software).
Some basic configuration info:
ssh_config (stripped):
Host hostname.domainname.tld
PreferredAuthentications hostbased,publickey,password
HostbasedAuthentication yes
GlobalKnownHostsFile /etc/ssh/ssh_known_hosts2
CheckHostIP yes
StrictHostKeyChecking ask
Protocol 2
sshd_config (stripped):
Protocol 2
HostbasedAuthentication yes
IgnoreRhosts no
shosts.equiv (stripped):
192.168.1.5
hostname.domainname.tld
+ +
(Last line just for test...
2015 Jan 09
5
OpenSSH_6.7p1 hostbased authentication failing on linux->linux connection. what's wrong with my config?
Hi,
On Fri, Jan 9, 2015, at 10:48 AM, Tim Rice wrote:
> My ssh_config has
> Host *
> HostbasedAuthentication yes
> EnableSSHKeysign yes
> NoHostAuthenticationForLocalhost yes
>
> NoHostAuthenticationForLocalhost is not necessary.
> The one you are missing is EnableSSHKeysign.
>
> Additionally, you made no mention of your ssh_known_hosts files. Make
> sure the client's pub...
2015 Feb 23
2
help with negative patterns in Match
...able from the inside, so e.g.
though something like this would do the job in sshd_config:
#general config
#...
Match User foo LocalAddress 10.0.0.1,fe80:abba::0
PasswordAuthentication no
KbdInteractiveAuthentication no
RhostsRSAAuthentication no
HostbasedAuthentication no
KerberosAuthentication no
GSSAPIAuthentication no
RSAAuthentication no
PubkeyAuthentication yes
Match User foo LocalAddress !10.0.0.1,!fe80:abba::0
PasswordAuthentication no
KbdInteract...