Displaying 20 results from an estimated 6000 matches similar to: "Hostbased authentication and certificates"
2015 Jan 09
5
OpenSSH_6.7p1 hostbased authentication failing on linux->linux connection. what's wrong with my config?
Hi,
On Fri, Jan 9, 2015, at 10:48 AM, Tim Rice wrote:
> My ssh_config has
> Host *
> HostbasedAuthentication yes
> EnableSSHKeysign yes
> NoHostAuthenticationForLocalhost yes
>
> NoHostAuthenticationForLocalhost is not necessary.
> The one you are missing is EnableSSHKeysign.
>
> Additionally, you made no mention of your ssh_known_hosts files. Make
> sure
2015 Jan 09
5
OpenSSH_6.7p1 hostbased authentication failing on linux->linux connection. what's wrong with my config?
I run OpenSSH on linux
@ client
which ssh
/usr/local/bin/ssh
ssh -v
OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014
@ server
which sshd
/usr/local/bin/sshd
sshd -v
unknown option -- V
OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014
usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-c host_cert_file]
[-E log_file] [-f config_file] [-g login_grace_time]
2003 Feb 28
1
Hostbased Authentication Question
Hi,
I am still working on getting hostbased authentication working in
OpenSSH 3.5p1. I emailed the user list, and got no response. It seems so
simple, yet I have continued to have problems getting it working properly.
I've read posts about it on this list, and the openssh-unix-dev list, and
nothing I have tried seems to work. My question is this, does it matter
which key, either
2002 Apr 24
1
hostbased authentication and the root account
We have a problem using hostbased authentication in combination with the
root account. We use hostbased authentication to hop from a 'management
server' where we use strong authentication to several systems in a cluster.
The management server is defined in shosts.equiv and the public key of this
server is defined in ssh_known_hosts. This setup works for all users except
for the root user
2010 Jun 04
0
Hostbased authentication with certificates
Greetings,
For those interested in using certificates with hostbased
authentication, I have just submitted an enhancement request[1] to the
OpenSSH bugzilla site with a preliminary patch that adds support for
this.
Despite the fact that hostbased authentication is, by default, disabled
for both the client and server, there are environments where hostbased
authentication can be very useful. One
2014 Nov 05
17
[Bug 2305] New: sshd does not accept @cert-authority when doing host based authentication.
https://bugzilla.mindrot.org/show_bug.cgi?id=2305
Bug ID: 2305
Summary: sshd does not accept @cert-authority when doing host
based authentication.
Product: Portable OpenSSH
Version: 6.5p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component:
2015 Jan 09
2
OpenSSH_6.7p1 hostbased authentication failing on linux->linux connection. what's wrong with my config?
On Fri, Jan 09, 2015 at 13:00:10 -0800, grantksupport at operamail.com wrote:
> Hi
>
> On Fri, Jan 9, 2015, at 12:34 PM, Mark Hahn wrote:
> > >> The one you are missing is EnableSSHKeysign.
> >
> > I suppose it's worth asking: is your ssh-keysign suid root
> > (and are the permissions on your host keys sufficiently tight)?
>
> Note that
2003 Feb 26
2
OpenSSH 3.4p1 hostbased authentication
Hi,
We want to use Hostbased Authentication in OpenSSH 3.4p1 completely based on
rhosts or shosts. Don't want to have any keys exchange between server and
client.
Created /etc/ssh/sshd_config on OpenSSH server with:
RhostsAuthentication yes
IgnoreRhosts no
HostbasedAuthentication yes
Created /etc/ssh/ssh_config on client with:
Host *
HostbasedAuthentication yes
Created /etc/rhosts.equiv,
2014 Mar 14
7
[Bug 2211] New: Too many hostbased authentication attempts
https://bugzilla.mindrot.org/show_bug.cgi?id=2211
Bug ID: 2211
Summary: Too many hostbased authentication attempts
Product: Portable OpenSSH
Version: 6.5p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at
2002 Jul 19
1
OpenSSH 3.4p1 hostbased auth - howto?
How do you enable hostbased authentication in OpenSSH?
I have two Red Hat 7.3 machines running openssh-3.4p1, and I would like to
be able to ssh from either of the machines to the other, as any user,
without using passwords or per-user keys.
My /etc/ssh/sshd_config contains:
[...]
IgnoreRhosts no
HostbasedAuthentication yes
[...]
My /etc/ssh/ssh_config contains:
[...]
2023 Nov 10
1
@cert-authority for hostbased auth - sans shosts?
On Fri, 10 Nov 2023, Rory Campbell-Lange wrote:
> On 09/11/23, Marian Beermann (public at enkore.de) wrote:
> > ... while OpenSSH does support using a CA in conjunction with hostbased
> > authentication, it still requires a list of all authorized host names in the
> > rhosts / shosts file.
>
> I'm not familiar with the use of .rhosts/.shosts, but I don't think
2023 Nov 11
1
@cert-authority for hostbased auth - sans shosts?
On 11/10/23 04:17, Damien Miller wrote:
> AIUI what he is asking for is a file that combines the host identity
> of the system-wide ssh_known_hosts file with the host/user authorisation
> of shosts in a single file.
>
> This might be a little cleaner, but IMO not so much so as to be highly
> motivating (personally).
>
> -d
Yup, but since this is auth code I imagine it
2003 Dec 07
1
hostbased failing and can't derive reason of failure in debugging output
Hello,
I've troubles getting the hostbased method to work. I've given up on
system-to-system for now (different versions), and I'm just trying to
debug localhost. As far as I can see, the key is accepted, but then a
sudden "Failed hostbased" is returned:
[...]
debug3: mm_answer_keyallowed: key 0x8099bc0 is disallowed
debug3: mm_append_debug: Appending debug messages for
2015 Jan 09
4
OpenSSH_6.7p1 hostbased authentication failing on linux->linux connection. what's wrong with my config?
On Fri, Jan 09, 2015 at 12:22:00 -0800, grantksupport at operamail.com wrote:
> @client
>
> as root (as before)
>
> ssh server.DOMAIN.COM
> Permission denied (hostbased).
>
> instead, as my user, fails differently for some reason,
>
> ssh server.DOMAIN.COM
> ...
> no matching hostkey found for key ED25519
2010 May 26
2
hostbase authentication of hostcertificate
Dear All,
I am trying to use the hostcertificate to do the hostbaed authentication with the steps in the regress/cert-hostkey.sh
But it seems that it can not login with the hostcertificate.:
Here is debug message from the ssh client :
ssh -2 -oUserKnownHostsFile=/opt/ssh/etc/known_hosts-cert \
> -oGlobalKnownHostsFile=/opt/ssh/etc/known_hosts-cert sshia3 -p 1111 -vvv
debug1: checking
2002 Jan 07
1
Non-root hostname auth problem
All:
I have a problem connecting Openssh 3.0.2p1 on Solaris 8 using hostname
authentication for non-root users. When I connect to the sshd from a
second machine as root it works fine using HostbasedAuthentication, but it
always fails with non-root users.
I suspect that I am having a permissions problem somewhere, but I'll be
damned if I can figure out where.
Any and all help
2001 Oct 29
5
HostbasedAuthentication problem
I'm trying to use HostbasedAuthentication. Running ssh -v -v -v user at host
the following error occurs:
debug3: authmethod_is_enabled hostbased
debug1: next auth method to try is hostbased
debug2: userauth_hostbased: chost <host>
debug2: we did not send a packet, disable method
What does this mean ? I enabled HostbasedAuthentication in
/etc/ssh/ssh_config and as it looks, this setting
2010 Mar 18
1
Question about host certificates
Hi,
I'm experimenting with host certificates in 5.4p1 and seem to have hit a
usability issue. I've generated a host certificate, added the
HostCertificate option to the sshd_config and restarted sshd. I've
replaced the system's ssh_known_hosts file with one that has a single
entry of the form:
@cert-authority *.example.domain ssh-rsa ...
This works provided that I use the
2003 Feb 05
0
openssh 3.5p1 hostbased authentication
hello,
i did some debugging today, here is the weird portion form sshd -d -d -d
debug1: userauth-request for user jholland service ssh-connection method
hostbased
debug1: attempt 1 failures 1
debug2: input_userauth_request: try method hostbased
debug1: userauth_hostbased: cuser jholland chost i2-0. pkalg ssh-dss slen
55
debug3: mm_key_allowed entering
debug3: mm_request_send entering: type 20
2023 Nov 10
1
@cert-authority for hostbased auth - sans shosts?
On 09/11/23, Marian Beermann (public at enkore.de) wrote:
> ... while OpenSSH does support using a CA in conjunction with hostbased
> authentication, it still requires a list of all authorized host names in the
> rhosts / shosts file.
I'm not familiar with the use of .rhosts/.shosts, but I don't think those are needed at all with a machine or per-user known_hosts file/files