Displaying 20 results from an estimated 7000 matches similar to: "known_hosts, IP, and port revisited"
2023 Nov 09
1
@cert-authority for hostbased auth - sans shosts?
Hi,
we're looking to reduce the number of host lists that
need to be kept in sync in our system. (There are quite a few of them
all over the place)
OpenSSH CAs are an obvious solution for not having to
keep all host keys in sync in /etc/ssh/known_hosts, however,
while OpenSSH does support using a CA in conjunction with hostbased
authentication,
it still requires a list of all authorized
2002 Sep 10
8
[Bug 393] 'known_hosts' file should be indexed by IP:PORT, not just IP
http://bugzilla.mindrot.org/show_bug.cgi?id=393
markus at openbsd.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
------- Additional Comments From markus at openbsd.org 2002-09-11
2023 Nov 10
1
@cert-authority for hostbased auth - sans shosts?
On 09/11/23, Marian Beermann (public at enkore.de) wrote:
> ... while OpenSSH does support using a CA in conjunction with hostbased
> authentication, it still requires a list of all authorized host names in the
> rhosts / shosts file.
I'm not familiar with the use of .rhosts/.shosts, but I don't think those are needed at all with a machine or per-user known_hosts file/files
2001 Apr 24
10
Call for testing for coming 2.9 release.
If we can get people to test their platforms against the last snapshot/cvs
tree I'd be greatful. (http://www.openssh.com/portable.html)
I know NeXT platform has problems. I'm going to spend tonight looking at
it.
Also, take a moment to see what manpage type ./configure decided for your
system and if it's 'cat' please let us know.
Thanks.
- Ben
2001 Nov 15
1
ssh -2 and hostbasedauth
Hi,
I'm trying to figure out how to read OpenSSH's log files (to assist
our people in diagnosing "why is it always asking me for passwords").
All clients and servers are 3.0p1.
First: server does not have the client's RSA2 key in known_host.
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got
2002 Jan 07
1
Non-root hostname auth problem
All:
I have a problem connecting Openssh 3.0.2p1 on Solaris 8 using hostname
authentication for non-root users. When I connect to the sshd from a
second machine as root it works fine using HostbasedAuthentication, but it
always fails with non-root users.
I suspect that I am having a permissions problem somewhere, but I'll be
damned if I can figure out where.
Any and all help
2003 Sep 13
3
Trailing dot is not removed from client hostname if HostbasedUsesNameFromPacketOnly is yes
If HostbasedUsesNameFromPacketOnly is set to yes, sshd does not remove
the trailing dot from the client supplied hostname, causing sshd to
attempt to look up "foo.example.com." (note trailing period) in
known_hosts and .shosts instead of "foo.example.com"
Trivial patch attached.
--
Carson
-------------- next part --------------
An embedded and charset-unspecified text was
2023 Nov 10
1
@cert-authority for hostbased auth - sans shosts?
On Fri, 10 Nov 2023, Rory Campbell-Lange wrote:
> On 09/11/23, Marian Beermann (public at enkore.de) wrote:
> > ... while OpenSSH does support using a CA in conjunction with hostbased
> > authentication, it still requires a list of all authorized host names in the
> > rhosts / shosts file.
>
> I'm not familiar with the use of .rhosts/.shosts, but I don't think
2008 Oct 27
3
Hostbased authentication without known_hosts file?
Hi,
is there any way to use hostbased authentication without the need to
have the SSH host keys stored in a known_hosts file?
We run a large cluster where we need to have passwordless remote login
available. We currently do that with hostbased SSH authentication. But
it is error-prone and a lot of work to keep the known_hosts file up to
date on all hosts. (This is the same situation like DNS vs
2004 Aug 24
1
Possible problem with hostbased protocol 1 rhosts authentication
I found this problem when working with the Suse9.1 distribution, but have
since reproduced it with a vanilla build of Openssh
(openssh-3.9p1.tar.gz). Basically I cannot get a command like this:
XXXX>ssh -vvv -1 -o "RhostsAuthentication yes" AAAA
to work. Yes the appropriate settings are in the servers sshd_config file.
Hostbased protocol 1 ssh using rhosts between computers is
2015 Jan 09
5
OpenSSH_6.7p1 hostbased authentication failing on linux->linux connection. what's wrong with my config?
Hi,
On Fri, Jan 9, 2015, at 10:48 AM, Tim Rice wrote:
> My ssh_config has
> Host *
> HostbasedAuthentication yes
> EnableSSHKeysign yes
> NoHostAuthenticationForLocalhost yes
>
> NoHostAuthenticationForLocalhost is not necessary.
> The one you are missing is EnableSSHKeysign.
>
> Additionally, you made no mention of your ssh_known_hosts files. Make
> sure
2003 Feb 26
2
OpenSSH 3.4p1 hostbased authentication
Hi,
We want to use Hostbased Authentication in OpenSSH 3.4p1 completely based on
rhosts or shosts. Don't want to have any keys exchange between server and
client.
Created /etc/ssh/sshd_config on OpenSSH server with:
RhostsAuthentication yes
IgnoreRhosts no
HostbasedAuthentication yes
Created /etc/ssh/ssh_config on client with:
Host *
HostbasedAuthentication yes
Created /etc/rhosts.equiv,
2002 Apr 24
1
hostbased authentication and the root account
We have a problem using hostbased authentication in combination with the
root account. We use hostbased authentication to hop from a 'management
server' where we use strong authentication to several systems in a cluster.
The management server is defined in shosts.equiv and the public key of this
server is defined in ssh_known_hosts. This setup works for all users except
for the root user
2023 Nov 15
0
@cert-authority for hostbased auth - sans shosts?
On 11/15/23, 10:51 AM, "openssh-unix-dev on behalf of Marian Beermann" <openssh-unix-dev-bounces+iain.morgan=nasa.gov at mindrot.org <mailto:nasa.gov at mindrot.org> on behalf of public at enkore.de <mailto:public at enkore.de>> wrote:
On 11/15/23 18:09, Chris Rapier wrote:
> On 11/11/23 9:31 PM, Damien Miller wrote:
>
>> It's not discouraged so much as
2023 Nov 15
1
@cert-authority for hostbased auth - sans shosts?
On 11/11/23 9:31 PM, Damien Miller wrote:
> It's not discouraged so much as rarely used. It's very useful in some
> situations and I can think of good reasons to use it more often (e.g
> requiring both host and user identity as part of authentication).
>
> It definitely has more rough edges than user publickey authentication -
> it's harder to set up (admin only)
2004 Apr 30
1
Code question (canohost.c)
On Fri, 30 Apr 2004, YOSHIFUJI Hideaki / [iso-2022-jp] $B5HF#1QL@(B wrote:
> In article <Pine.BSO.4.44.0404292059520.953-100000 at etoh.eviladmin.org> (at Thu, 29 Apr 2004 21:00:26 -0500 (CDT)), Ben Lindstrom <mouring at etoh.eviladmin.org> says:
>
> > Be that true.. then one should review the usage of it in sshconnect.c
> > which is the other place we do it.
>
2015 Jan 09
5
OpenSSH_6.7p1 hostbased authentication failing on linux->linux connection. what's wrong with my config?
I run OpenSSH on linux
@ client
which ssh
/usr/local/bin/ssh
ssh -v
OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014
@ server
which sshd
/usr/local/bin/sshd
sshd -v
unknown option -- V
OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014
usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-c host_cert_file]
[-E log_file] [-f config_file] [-g login_grace_time]
2015 Apr 13
2
[Bug 2378] New: Allow login to a role using Hostbased auth on platforms supporting PAM_AUSER
https://bugzilla.mindrot.org/show_bug.cgi?id=2378
Bug ID: 2378
Summary: Allow login to a role using Hostbased auth on
platforms supporting PAM_AUSER
Product: Portable OpenSSH
Version: 6.8p1
Hardware: Sparc
OS: Solaris
Status: NEW
Severity: enhancement
Priority: P5
2001 Feb 20
4
(Solaris) Linker flags in 2.5.1p1... (fwd)
Comments from the rest of the Solaris group?
- Ben
---------- Forwarded message ----------
Date: Tue, 20 Feb 2001 11:20:33 +0100
From: Volker Paulsen <paulsen at orbiteam.de>
To: mouring at etoh.eviladmin.org
Subject: Linker flags in 2.5.1p1...
While I'm compiling 2.5.1p1, I've got the following remarks:
Host: sparc-sun-solaris2.7
Compiler: cc
Compiler
2013 Aug 13
2
Collector not realizing own exported resources when filtering on tags
I''m trying to create a ssh class where the /etc/ssh/ssh_known_hosts and
/etc/ssh/shosts.equiv stays updated. The issue i''m finding is that if I
include a "tag == anything" in the Collector filter, it collects all
resources EXCEPT it''s own. In this case, the known_hosts and .equiv files
will have all the other hostnames, but not it''s own hostname.