similar to: hostbased authentication problem in 3.4

http://cvs-mirror.mozilla.org/webtools/bugzilla/show_bug.cgi?id=382 Summary: Privilege Separation breaks HostbasedAuthentication Product: Portable OpenSSH Version: -current Platform: Sparc OS/Version: Solaris Status: NEW Severity: major Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at

Hello, I've troubles getting the hostbased method to work. I've given up on system-to-system for now (different versions), and I'm just trying to debug localhost. As far as I can see, the key is accepted, but then a sudden "Failed hostbased" is returned: [...] debug3: mm_answer_keyallowed: key 0x8099bc0 is disallowed debug3: mm_append_debug: Appending debug messages for

http://bugzilla.mindrot.org/show_bug.cgi?id=356 Summary: 3.4p1 hostbased authentication between Linux and Solaris Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: Linux Status: NEW Severity: major Priority: P2 Component: ssh AssignedTo: openssh-unix-dev at mindrot.org

How do you enable hostbased authentication in OpenSSH? I have two Red Hat 7.3 machines running openssh-3.4p1, and I would like to be able to ssh from either of the machines to the other, as any user, without using passwords or per-user keys. My /etc/ssh/sshd_config contains: [...] IgnoreRhosts no HostbasedAuthentication yes [...] My /etc/ssh/ssh_config contains: [...]

hello, i did some debugging today, here is the weird portion form sshd -d -d -d debug1: userauth-request for user jholland service ssh-connection method hostbased debug1: attempt 1 failures 1 debug2: input_userauth_request: try method hostbased debug1: userauth_hostbased: cuser jholland chost i2-0. pkalg ssh-dss slen 55 debug3: mm_key_allowed entering debug3: mm_request_send entering: type 20

Host based authentication does not seem to be working for us after upgrading to openssh-3.4p1 (we were at openssh-3.1p1) (openssl is at 0.96d). Any time we try to connect from another unix box also running openssh-3.4p1, we get the following error (on the server side) and host based auth fails (it falls back to password prompt). sshd[15038]: error: ssh_rsa_verify: RSA_verify failed:

Using openssh-3.4p1 on Linux I noticed that PermitRootLogin=forced-commands-only does not work if UsePrivilegeSeparation is enabled; but it does work if privsep is disabled. Here are excerpts of debug from the server. -----------UsePrivilegeSeparation DISABLED------- ... Found matching DSA key: 56:9d:72:b0:4f:67:2e:ed:06:e7:41:03:e2:86:52:0d^M debug1: restore_uid^M debug1: ssh_dss_verify:

Finally all the pieces are in place to allow strong user and host authentication with SSH2 and the latest OpenSSH code (plus my partial auth patch). Herein I describe one problem case, and a possible solution thereof. Target: Allow user logins from host charles to host steve using passwords Previously, you would have had to trust the IP headers to authenticate charles. If charles had a

OpenSSH 2.9.9 has just been uploaded. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH 2.9.9 fixes a weakness in the key file option handling, including source IP based access control. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. This release contains many portability

In the past 2 months another change occurred in the CVS code that broke my ssh-keyscan patch. Here's an updated version that tweaks the changed name (in the Kex struct) and also causes an attempt to grab an ssh2 key from an older server (without ssh2 support) to fail earlier and without an error message (Stuart Pearlman emailed me some code for this). This patch is based on the BSD CVS

http://bugzilla.mindrot.org/show_bug.cgi?id=376 Summary: HostbasedAuthentication, followed snailbook but not working! :-( Product: Portable OpenSSH Version: -current Platform: UltraSparc URL: http://groups.google.com/groups?dq=&hl=en&lr=&ie=UTF-

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi there, One of our customer is experiencing a strange hang on their ssh server which I updated last night for him and rebuilt from the Gentoo port (this happened before and after the update). I can trigger it from a fresh boot by logging once or twice as root with an RSA key, then trying to log in as a regular user, getting the password wrong, and

Debian GNU/Linux 8.0 (jessie) OpenSSL 1.0.1k gcc (Debian 4.9.2-10) 4.9.2 "make tests" fails here: /usr/src/INET/openssh/ssh-keygen -lf /usr/src/INET/openssh/regress//t12.out.pub | grep test-comment-1234 >/dev/null run test connect.sh ... ssh connect with protocol 1 failed ssh connect with protocol 2 failed failed simple connect Makefile:192: recipe for target 't-exec' failed

Hi, we have installed OpenSSH_3.7.1 in /usr/local. In our environment all machines mount /usr/local via NFS and automounter from a server. Because every machine should use its own keys (otherwise we had to export the directory with root priviledges so that every machine could read the private keys from /usr/local/etc/ssh), we created the keys in /etc/ssh and modified the configuration files

Well, after trying repeatedly to get an ssh version 2 client to connect to an openssh server as a trusted host, and searching throughout the Internet and the openssh mailing list archives, I finally discovered the following statement at http://www.snailbook.com/faq/trusted-host-howto.auto.html: "Note that OpenSSH does not implement hostbased authentication in its protocol 2 support."

I'm trying to understand why I'm getting a new error message in 4.4p1, when 4.3p1 did not produce the error message. The config files are the unchanged. The new error in the log is Failed hostbased for xxx from nnn.nnn.nnn.nnn That is followed by the usual Accepted hostbased for xxx from nnn.nnn.nnn.nnn and the host based authentication continues to work correctly despite the new

When using "HostbasedUsesNameFromPacketOnly yes", the ssh client sends the hostname with a trailing dot, but the server does not strip off the trailing dot when matching against .shosts et. al., or when looking up keys in ssh_known_hosts2. This causes the host to not be found. Adding the hostname with trailing dot to the config files "fixes" this, but I think sshd should

I am trying to generate a ssh_known_hosts2 file, 2.9.9p2, using: ssh-keyscan -f list_of_hosts -t rsa > ssh_known_hosts.rsa and ssh-keyscan -f list_of_hosts -t dsa > ssh_known_hosts.dsa but both commands fail almost immidiately with: Couldn't obtain random bytes (error 604389476) What could that mean? Servers that I am aware of that I query is: OpenSSH_2.5.1p2 OpenSSH_2.5.2p2

--=-=-= Sorry, forgot to attach the file... --=-=-= Content-Type: application/zip Content-Disposition: attachment; filename=pdcompilelog.zip Content-Transfer-Encoding: base64 UEsDBBQAAAAIAImkRTGksC5Kaw8AACBOAAATABUAcGQuY29uZmlndXJlLm91dHB1dFVUCQADoeli QY3pYkFVeAQA9AFkAOVcbY/bNhL+nl8hFAc0vcR2Nt1kgwJ3QLLrtm73JdjNHRb3xaApymYskapE

This looks like a bug (ssh -v output from user included below). AUTH_FAIL_MAX is reached before all supported authentication methods are tried. One possible solution is to count authentication failures separately for each method tried, and disconnect if one fails more than <configurable> times. Btw: The exit status bug is fixed in the CVS version of OpenSSH, but I'm not very