Displaying 20 results from an estimated 5000 matches similar to: "Hostbased authentication without known_hosts file?"
2008 Oct 17
1
Hostbased login based on SSHFP DNS records?
Hi,
is it possible to use SSHFP DNS records to enable password-free host-based login?
What I already got working is to use SSHFP DNS records to verify the server host keys.
debug1: found 2 secure fingerprints in DNS
debug1: matching host key fingerprint found in DNS
But hostbased login does not work and I still need to supply a password to log in. (Or to configure a known_hosts file on the
2010 May 26
2
hostbase authentication of hostcertificate
Dear All,
I am trying to use the hostcertificate to do the hostbaed authentication with the steps in the regress/cert-hostkey.sh
But it seems that it can not login with the hostcertificate.:
Here is debug message from the ssh client :
ssh -2 -oUserKnownHostsFile=/opt/ssh/etc/known_hosts-cert \
> -oGlobalKnownHostsFile=/opt/ssh/etc/known_hosts-cert sshia3 -p 1111 -vvv
debug1: checking
2003 Dec 18
2
known_hosts, IP, and port revisited
I dug through the list archives to see if this had come up before, and I
see that a bug <http://bugzilla.mindrot.org/show_bug.cgi?id=393> was
submitted and subsequently closed (basically rejected) in 2002.
The basic issue, for those of you who don't feel like following the bug
URL, is that when one has ssh servers behind a NAT, each of which responds
to a different port on the NAT IP,
2015 Jan 09
5
OpenSSH_6.7p1 hostbased authentication failing on linux->linux connection. what's wrong with my config?
Hi,
On Fri, Jan 9, 2015, at 10:48 AM, Tim Rice wrote:
> My ssh_config has
> Host *
> HostbasedAuthentication yes
> EnableSSHKeysign yes
> NoHostAuthenticationForLocalhost yes
>
> NoHostAuthenticationForLocalhost is not necessary.
> The one you are missing is EnableSSHKeysign.
>
> Additionally, you made no mention of your ssh_known_hosts files. Make
> sure
2002 Sep 10
8
[Bug 393] 'known_hosts' file should be indexed by IP:PORT, not just IP
http://bugzilla.mindrot.org/show_bug.cgi?id=393
markus at openbsd.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
------- Additional Comments From markus at openbsd.org 2002-09-11
2023 Nov 09
1
@cert-authority for hostbased auth - sans shosts?
Hi,
we're looking to reduce the number of host lists that
need to be kept in sync in our system. (There are quite a few of them
all over the place)
OpenSSH CAs are an obvious solution for not having to
keep all host keys in sync in /etc/ssh/known_hosts, however,
while OpenSSH does support using a CA in conjunction with hostbased
authentication,
it still requires a list of all authorized
2004 Aug 24
1
Possible problem with hostbased protocol 1 rhosts authentication
I found this problem when working with the Suse9.1 distribution, but have
since reproduced it with a vanilla build of Openssh
(openssh-3.9p1.tar.gz). Basically I cannot get a command like this:
XXXX>ssh -vvv -1 -o "RhostsAuthentication yes" AAAA
to work. Yes the appropriate settings are in the servers sshd_config file.
Hostbased protocol 1 ssh using rhosts between computers is
2015 Apr 13
2
[Bug 2378] New: Allow login to a role using Hostbased auth on platforms supporting PAM_AUSER
https://bugzilla.mindrot.org/show_bug.cgi?id=2378
Bug ID: 2378
Summary: Allow login to a role using Hostbased auth on
platforms supporting PAM_AUSER
Product: Portable OpenSSH
Version: 6.8p1
Hardware: Sparc
OS: Solaris
Status: NEW
Severity: enhancement
Priority: P5
2023 Nov 10
1
@cert-authority for hostbased auth - sans shosts?
On 09/11/23, Marian Beermann (public at enkore.de) wrote:
> ... while OpenSSH does support using a CA in conjunction with hostbased
> authentication, it still requires a list of all authorized host names in the
> rhosts / shosts file.
I'm not familiar with the use of .rhosts/.shosts, but I don't think those are needed at all with a machine or per-user known_hosts file/files
2003 Feb 26
2
OpenSSH 3.4p1 hostbased authentication
Hi,
We want to use Hostbased Authentication in OpenSSH 3.4p1 completely based on
rhosts or shosts. Don't want to have any keys exchange between server and
client.
Created /etc/ssh/sshd_config on OpenSSH server with:
RhostsAuthentication yes
IgnoreRhosts no
HostbasedAuthentication yes
Created /etc/ssh/ssh_config on client with:
Host *
HostbasedAuthentication yes
Created /etc/rhosts.equiv,
2010 Apr 20
1
Hostbased authentication and certificates
Hi,
Based on some experimentation with 5.4p1 and a cursory examination of
the source code, it doesn't look like hostbased authentication takes
advantage of certificates other than to authenticate the server. Is that
correct?
In cluster environments, hostbased authentication is still useful but
the size of the ssh_known_hosts file can become unwieldy in large
clusters. As an example, a few
2023 Nov 10
1
@cert-authority for hostbased auth - sans shosts?
On Fri, 10 Nov 2023, Rory Campbell-Lange wrote:
> On 09/11/23, Marian Beermann (public at enkore.de) wrote:
> > ... while OpenSSH does support using a CA in conjunction with hostbased
> > authentication, it still requires a list of all authorized host names in the
> > rhosts / shosts file.
>
> I'm not familiar with the use of .rhosts/.shosts, but I don't think
2002 Jan 07
1
Non-root hostname auth problem
All:
I have a problem connecting Openssh 3.0.2p1 on Solaris 8 using hostname
authentication for non-root users. When I connect to the sshd from a
second machine as root it works fine using HostbasedAuthentication, but it
always fails with non-root users.
I suspect that I am having a permissions problem somewhere, but I'll be
damned if I can figure out where.
Any and all help
2015 Jan 09
5
OpenSSH_6.7p1 hostbased authentication failing on linux->linux connection. what's wrong with my config?
I run OpenSSH on linux
@ client
which ssh
/usr/local/bin/ssh
ssh -v
OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014
@ server
which sshd
/usr/local/bin/sshd
sshd -v
unknown option -- V
OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014
usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-c host_cert_file]
[-E log_file] [-f config_file] [-g login_grace_time]
2002 Apr 24
1
hostbased authentication and the root account
We have a problem using hostbased authentication in combination with the
root account. We use hostbased authentication to hop from a 'management
server' where we use strong authentication to several systems in a cluster.
The management server is defined in shosts.equiv and the public key of this
server is defined in ssh_known_hosts. This setup works for all users except
for the root user
2003 Dec 07
1
hostbased failing and can't derive reason of failure in debugging output
Hello,
I've troubles getting the hostbased method to work. I've given up on
system-to-system for now (different versions), and I'm just trying to
debug localhost. As far as I can see, the key is accepted, but then a
sudden "Failed hostbased" is returned:
[...]
debug3: mm_answer_keyallowed: key 0x8099bc0 is disallowed
debug3: mm_append_debug: Appending debug messages for
2014 Mar 14
7
[Bug 2211] New: Too many hostbased authentication attempts
https://bugzilla.mindrot.org/show_bug.cgi?id=2211
Bug ID: 2211
Summary: Too many hostbased authentication attempts
Product: Portable OpenSSH
Version: 6.5p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at
2003 Mar 17
1
[Bug 512] Hostbased authentication bypass PAM
http://bugzilla.mindrot.org/show_bug.cgi?id=512
Summary: Hostbased authentication bypass PAM
Product: Portable OpenSSH
Version: 3.5p1
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
ReportedBy: yaccck at
2023 Nov 15
0
@cert-authority for hostbased auth - sans shosts?
On 11/15/23, 10:51 AM, "openssh-unix-dev on behalf of Marian Beermann" <openssh-unix-dev-bounces+iain.morgan=nasa.gov at mindrot.org <mailto:nasa.gov at mindrot.org> on behalf of public at enkore.de <mailto:public at enkore.de>> wrote:
On 11/15/23 18:09, Chris Rapier wrote:
> On 11/11/23 9:31 PM, Damien Miller wrote:
>
>> It's not discouraged so much as
2023 Nov 15
1
@cert-authority for hostbased auth - sans shosts?
On 11/11/23 9:31 PM, Damien Miller wrote:
> It's not discouraged so much as rarely used. It's very useful in some
> situations and I can think of good reasons to use it more often (e.g
> requiring both host and user identity as part of authentication).
>
> It definitely has more rough edges than user publickey authentication -
> it's harder to set up (admin only)