Displaying 20 results from an estimated 1000 matches similar to: "Hostbased Authentication Question"
2003 Feb 05
0
openssh 3.5p1 hostbased authentication
hello,
i did some debugging today, here is the weird portion form sshd -d -d -d
debug1: userauth-request for user jholland service ssh-connection method
hostbased
debug1: attempt 1 failures 1
debug2: input_userauth_request: try method hostbased
debug1: userauth_hostbased: cuser jholland chost i2-0. pkalg ssh-dss slen
55
debug3: mm_key_allowed entering
debug3: mm_request_send entering: type 20
2015 Jan 09
5
OpenSSH_6.7p1 hostbased authentication failing on linux->linux connection. what's wrong with my config?
I run OpenSSH on linux
@ client
which ssh
/usr/local/bin/ssh
ssh -v
OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014
@ server
which sshd
/usr/local/bin/sshd
sshd -v
unknown option -- V
OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014
usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-c host_cert_file]
[-E log_file] [-f config_file] [-g login_grace_time]
2002 Aug 07
0
[Bug 382] New: Privilege Separation breaks HostbasedAuthentication
http://cvs-mirror.mozilla.org/webtools/bugzilla/show_bug.cgi?id=382
Summary: Privilege Separation breaks HostbasedAuthentication
Product: Portable OpenSSH
Version: -current
Platform: Sparc
OS/Version: Solaris
Status: NEW
Severity: major
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at
2002 Aug 01
0
[Bug 376] New: HostbasedAuthentication, followed snailbook but not working! :-(
http://bugzilla.mindrot.org/show_bug.cgi?id=376
Summary: HostbasedAuthentication, followed snailbook but not
working! :-(
Product: Portable OpenSSH
Version: -current
Platform: UltraSparc
URL: http://groups.google.com/groups?dq=&hl=en&lr=&ie=UTF-
2002 May 08
1
[PATCH] Strip trailing . when using HostbasedUsesNameFromPacketOnly
The following simple patch (against openssh-3.1) moves the test for a
trailing dot in the client-supplied hostname so that it is also stripped
when using the server option HostbasedUsesNameFromPacketOnly.
Please CC me on any replies, as I'm not subscribed to the list.
Cheers,
Bill Rugolsky
--- ssh/auth2.c~ Sun Feb 24 14:14:59 2002
+++ ssh/auth2.c Wed May 8 16:26:26 2002
@@ -709,15
2005 Oct 06
1
Possible security problem in hostbased user authentication?
In auth2-hostbased.c, line #146
if (auth_rhosts2(pw, cuser, chost, chost) == 0)
^^^^^
shouldn't this be
if (auth_rhosts2(pw, cuser, chost, ipaddr) == 0)
^^^^^^
The code was found in 4.2.
Best regards,
Choung S.Park
2001 Oct 29
5
HostbasedAuthentication problem
I'm trying to use HostbasedAuthentication. Running ssh -v -v -v user at host
the following error occurs:
debug3: authmethod_is_enabled hostbased
debug1: next auth method to try is hostbased
debug2: userauth_hostbased: chost <host>
debug2: we did not send a packet, disable method
What does this mean ? I enabled HostbasedAuthentication in
/etc/ssh/ssh_config and as it looks, this setting
2001 Sep 28
2
openssh-2.9p2, auth2.c
Even with option "HostbasedUsesNameFromPacketOnly yes", the trailing
dot in chost should be stripped before auth_rhosts2() is called from
hostbased_key_allowed().
Hans Werner Strube strube at physik3.gwdg.de
Drittes Physikalisches Institut, Univ. Goettingen
Buergerstr. 42-44, D-37073 Goettingen, Germany
Suggested change:
*** auth2.c.ORI Wed Apr 25 14:44:15 2001
---
2001 Nov 09
2
openssh-3.0p1, auth2.c
openssh-3.0p1 still contains the bug which I already reported on Sept. 28 2001
for 2.9p2, namely, the trailing dot in chost should be stripped before calling
auth_rhosts2() even with option "HostbasedUsesNameFromPacketOnly yes".
Otherwise, the host names in /etc/hosts.equiv and .rhosts would have to be
dot-terminated. Fix: Move lines 776-779 of auth2.c upwards to after line 767.
(These
2002 Jul 01
3
3.4p1: 'buffer_append_space: alloc 10506240 not supported'
I have been trying to install 3.4p1 on a number of machines.
Servers on ia64 Linux, i386 Linux and SPARC Solaris are all working
like charms. On the other hand, I am having trouble at least with
HPUX 11, DEC OSF 5.1 and Unixware: on all those systems, sshd bails
out after authentication with an error in buffer_append_space.
Here is the output of sshd -d on the UnixWare machine
(uname -a:
2016 Feb 14
5
[Bug 2541] New: Add explicit_bzero() before free() in OpenSSH-7.1p2 for auth1.c/auth2.c/auth2-hostbased.c
https://bugzilla.mindrot.org/show_bug.cgi?id=2541
Bug ID: 2541
Summary: Add explicit_bzero() before free() in OpenSSH-7.1p2
for auth1.c/auth2.c/auth2-hostbased.c
Product: Portable OpenSSH
Version: 7.1p1
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
2003 Sep 13
3
Trailing dot is not removed from client hostname if HostbasedUsesNameFromPacketOnly is yes
If HostbasedUsesNameFromPacketOnly is set to yes, sshd does not remove
the trailing dot from the client supplied hostname, causing sshd to
attempt to look up "foo.example.com." (note trailing period) in
known_hosts and .shosts instead of "foo.example.com"
Trivial patch attached.
--
Carson
-------------- next part --------------
An embedded and charset-unspecified text was
2003 Dec 07
1
hostbased failing and can't derive reason of failure in debugging output
Hello,
I've troubles getting the hostbased method to work. I've given up on
system-to-system for now (different versions), and I'm just trying to
debug localhost. As far as I can see, the key is accepted, but then a
sudden "Failed hostbased" is returned:
[...]
debug3: mm_answer_keyallowed: key 0x8099bc0 is disallowed
debug3: mm_append_debug: Appending debug messages for
2002 Jul 16
0
[Bug 356] New: 3.4p1 hostbased authentication between Linux and Solaris
http://bugzilla.mindrot.org/show_bug.cgi?id=356
Summary: 3.4p1 hostbased authentication between Linux and Solaris
Product: Portable OpenSSH
Version: -current
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: major
Priority: P2
Component: ssh
AssignedTo: openssh-unix-dev at mindrot.org
2015 Jan 09
5
OpenSSH_6.7p1 hostbased authentication failing on linux->linux connection. what's wrong with my config?
Hi,
On Fri, Jan 9, 2015, at 10:48 AM, Tim Rice wrote:
> My ssh_config has
> Host *
> HostbasedAuthentication yes
> EnableSSHKeysign yes
> NoHostAuthenticationForLocalhost yes
>
> NoHostAuthenticationForLocalhost is not necessary.
> The one you are missing is EnableSSHKeysign.
>
> Additionally, you made no mention of your ssh_known_hosts files. Make
> sure
2002 Jun 28
1
hostbased authentication problem in 3.4
I am seeing the same issues as another recent post, hostbased
authentication in 3.4p1 not seeming to work. I tried the ssh-keysign.c
patch posted, didn't seem to fix the problem.
Details:
Solaris 7, OpenSSH 3.4p1, OpenSSL 0.9.6d
Key from client ssh_host_rsa_key.pub copied to server /etc/ssh/ssh_known_hosts2
with comma-separated client hostnames added to front and a blank space before
rest of
2010 May 26
2
hostbase authentication of hostcertificate
Dear All,
I am trying to use the hostcertificate to do the hostbaed authentication with the steps in the regress/cert-hostkey.sh
But it seems that it can not login with the hostcertificate.:
Here is debug message from the ssh client :
ssh -2 -oUserKnownHostsFile=/opt/ssh/etc/known_hosts-cert \
> -oGlobalKnownHostsFile=/opt/ssh/etc/known_hosts-cert sshia3 -p 1111 -vvv
debug1: checking
2006 Feb 12
1
sshd double-logging
Hi all.
As Corinna pointed out, there are some cases where sshd will log some
authentications twice when privsep=yes.
This can happen on any platform although it seems most obvious on the
ones that don't do post-auth privsep. It also occurs when sshd logs
to stderr (eg running under daemontools) or when you have a /dev/log in
the privsep chroot.
The patch below attempts to solve this for
2002 Jan 10
1
OpenSSH 3.0.Xp1, AIX -> Sun trusted host problem
Hi, Folks ...
Apologies in advance for the length of this message, but I wanted to
be thorough, and provide as much info as I could. I'm trying to
figure out a problem in trusted-host authentication using AIX hosts
as clients, and a Sun host as the server; either I'm missing
something real obvious, or there might be a bug somewhere in some
piece of software involved here.
-- All of
2001 Sep 28
3
openssh-2.9p2, short hostnames
For systems where the local hostname is obtained as a short name without
domain, there should be a ssh_config option "DefaultDomain" as in ssh-3.x
from ssh.com.
For the server, there might be a corresponding option in order to strip
the domain name from the remote client name (if it matches the server's
DefaultDomain) for use in auth_rhost2, since netgroups usually contain
short