similar to: hostbased authentication and the root account

Hi, We want to use Hostbased Authentication in OpenSSH 3.4p1 completely based on rhosts or shosts. Don't want to have any keys exchange between server and client. Created /etc/ssh/sshd_config on OpenSSH server with: RhostsAuthentication yes IgnoreRhosts no HostbasedAuthentication yes Created /etc/ssh/ssh_config on client with: Host * HostbasedAuthentication yes Created /etc/rhosts.equiv,

Hi, I am still working on getting hostbased authentication working in OpenSSH 3.5p1. I emailed the user list, and got no response. It seems so simple, yet I have continued to have problems getting it working properly. I've read posts about it on this list, and the openssh-unix-dev list, and nothing I have tried seems to work. My question is this, does it matter which key, either

How do you enable hostbased authentication in OpenSSH? I have two Red Hat 7.3 machines running openssh-3.4p1, and I would like to be able to ssh from either of the machines to the other, as any user, without using passwords or per-user keys. My /etc/ssh/sshd_config contains: [...] IgnoreRhosts no HostbasedAuthentication yes [...] My /etc/ssh/ssh_config contains: [...]

I run OpenSSH on linux @ client which ssh /usr/local/bin/ssh ssh -v OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014 @ server which sshd /usr/local/bin/sshd sshd -v unknown option -- V OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014 usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-c host_cert_file] [-E log_file] [-f config_file] [-g login_grace_time]

Hi, On Fri, Jan 9, 2015, at 10:48 AM, Tim Rice wrote: > My ssh_config has > Host * > HostbasedAuthentication yes > EnableSSHKeysign yes > NoHostAuthenticationForLocalhost yes > > NoHostAuthenticationForLocalhost is not necessary. > The one you are missing is EnableSSHKeysign. > > Additionally, you made no mention of your ssh_known_hosts files. Make > sure

On 09/11/23, Marian Beermann (public at enkore.de) wrote: > ... while OpenSSH does support using a CA in conjunction with hostbased > authentication, it still requires a list of all authorized host names in the > rhosts / shosts file. I'm not familiar with the use of .rhosts/.shosts, but I don't think those are needed at all with a machine or per-user known_hosts file/files

On Fri, 10 Nov 2023, Rory Campbell-Lange wrote: > On 09/11/23, Marian Beermann (public at enkore.de) wrote: > > ... while OpenSSH does support using a CA in conjunction with hostbased > > authentication, it still requires a list of all authorized host names in the > > rhosts / shosts file. > > I'm not familiar with the use of .rhosts/.shosts, but I don't think

On 11/10/23 04:17, Damien Miller wrote: > AIUI what he is asking for is a file that combines the host identity > of the system-wide ssh_known_hosts file with the host/user authorisation > of shosts in a single file. > > This might be a little cleaner, but IMO not so much so as to be highly > motivating (personally). > > -d Yup, but since this is auth code I imagine it

All: I have a problem connecting Openssh 3.0.2p1 on Solaris 8 using hostname authentication for non-root users. When I connect to the sshd from a second machine as root it works fine using HostbasedAuthentication, but it always fails with non-root users. I suspect that I am having a permissions problem somewhere, but I'll be damned if I can figure out where. Any and all help

Hello all! I'm looking for a solution to the following problem - I need to be able to use OpenSSH from root on one system to perform work on several dozen other systems using some automation. The restrictions that have to be met to keep the business happy are that no cleartext passwords or unencrypted private keys can be stored on disk. Since this is within an automated environment, there

Hello, I've troubles getting the hostbased method to work. I've given up on system-to-system for now (different versions), and I'm just trying to debug localhost. As far as I can see, the key is accepted, but then a sudden "Failed hostbased" is returned: [...] debug3: mm_answer_keyallowed: key 0x8099bc0 is disallowed debug3: mm_append_debug: Appending debug messages for

Hi, we're looking to reduce the number of host lists that need to be kept in sync in our system. (There are quite a few of them all over the place) OpenSSH CAs are an obvious solution for not having to keep all host keys in sync in /etc/ssh/known_hosts, however, while OpenSSH does support using a CA in conjunction with hostbased authentication, it still requires a list of all authorized

Hi, I'm trying to figure out how to read OpenSSH's log files (to assist our people in diagnosing "why is it always asking me for passwords"). All clients and servers are 3.0p1. First: server does not have the client's RSA2 key in known_host. debug1: done: ssh_kex2. debug1: send SSH2_MSG_SERVICE_REQUEST debug1: service_accept: ssh-userauth debug1: got

is anyone using rhost-rsa + hosts.equiv? is it broken? -------------- next part -------------- An embedded message was scrubbed... From: Francesc Guasch <frankie at etsetb.upc.es> Subject: hosts.equiv Date: Thu, 22 Mar 2001 12:56:22 +0100 Size: 2614 Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20010322/ced5a345/attachment.mht

Hi, Based on some experimentation with 5.4p1 and a cursory examination of the source code, it doesn't look like hostbased authentication takes advantage of certificates other than to authenticate the server. Is that correct? In cluster environments, hostbased authentication is still useful but the size of the ssh_known_hosts file can become unwieldy in large clusters. As an example, a few

I dug through the list archives to see if this had come up before, and I see that a bug <http://bugzilla.mindrot.org/show_bug.cgi?id=393> was submitted and subsequently closed (basically rejected) in 2002. The basic issue, for those of you who don't feel like following the bug URL, is that when one has ssh servers behind a NAT, each of which responds to a different port on the NAT IP,

On 11/11/23 9:31 PM, Damien Miller wrote: > It's not discouraged so much as rarely used. It's very useful in some > situations and I can think of good reasons to use it more often (e.g > requiring both host and user identity as part of authentication). > > It definitely has more rough edges than user publickey authentication - > it's harder to set up (admin only)

I''m trying to create a ssh class where the /etc/ssh/ssh_known_hosts and /etc/ssh/shosts.equiv stays updated. The issue i''m finding is that if I include a "tag == anything" in the Collector filter, it collects all resources EXCEPT it''s own. In this case, the known_hosts and .equiv files will have all the other hostnames, but not it''s own hostname.

I found this problem when working with the Suse9.1 distribution, but have since reproduced it with a vanilla build of Openssh (openssh-3.9p1.tar.gz). Basically I cannot get a command like this: XXXX>ssh -vvv -1 -o "RhostsAuthentication yes" AAAA to work. Yes the appropriate settings are in the servers sshd_config file. Hostbased protocol 1 ssh using rhosts between computers is

Hi, I am trying to configure OpenSSH to allow root logins, without success so far. So I could really use some advice. This is my server configuration: AllowUsers = thomas root AuthenticationMethods hostbased,publickey ExposeAuthInfo = no ForceCommand none GSSAPIAuthentication no HostbasedAcceptedAlgorithms ssh-ed25519 HostbasedAuthentication yes HostbasedUsesNameFromPacketOnly yes HostKey