Displaying 20 results from an estimated 2000 matches similar to: "@cert-authority for hostbased auth - sans shosts?"
2023 Nov 10
1
@cert-authority for hostbased auth - sans shosts?
On 09/11/23, Marian Beermann (public at enkore.de) wrote:
> ... while OpenSSH does support using a CA in conjunction with hostbased
> authentication, it still requires a list of all authorized host names in the
> rhosts / shosts file.
I'm not familiar with the use of .rhosts/.shosts, but I don't think those are needed at all with a machine or per-user known_hosts file/files
2023 Nov 10
1
@cert-authority for hostbased auth - sans shosts?
On Fri, 10 Nov 2023, Rory Campbell-Lange wrote:
> On 09/11/23, Marian Beermann (public at enkore.de) wrote:
> > ... while OpenSSH does support using a CA in conjunction with hostbased
> > authentication, it still requires a list of all authorized host names in the
> > rhosts / shosts file.
>
> I'm not familiar with the use of .rhosts/.shosts, but I don't think
2023 Nov 09
1
@cert-authority for hostbased auth - sans shosts?
Hi,
we're looking to reduce the number of host lists that
need to be kept in sync in our system. (There are quite a few of them
all over the place)
OpenSSH CAs are an obvious solution for not having to
keep all host keys in sync in /etc/ssh/known_hosts, however,
while OpenSSH does support using a CA in conjunction with hostbased
authentication,
it still requires a list of all authorized
2023 Nov 12
1
@cert-authority for hostbased auth - sans shosts?
On Sat, 11 Nov 2023, Marian Beermann wrote:
> On 11/10/23 04:17, Damien Miller wrote:
> > AIUI what he is asking for is a file that combines the host identity
> > of the system-wide ssh_known_hosts file with the host/user authorisation
> > of shosts in a single file.
> >
> > This might be a little cleaner, but IMO not so much so as to be highly
> >
2023 Nov 11
1
@cert-authority for hostbased auth - sans shosts?
On 11/10/23 04:17, Damien Miller wrote:
> AIUI what he is asking for is a file that combines the host identity
> of the system-wide ssh_known_hosts file with the host/user authorisation
> of shosts in a single file.
>
> This might be a little cleaner, but IMO not so much so as to be highly
> motivating (personally).
>
> -d
Yup, but since this is auth code I imagine it
2023 Nov 15
1
@cert-authority for hostbased auth - sans shosts?
On 11/11/23 9:31 PM, Damien Miller wrote:
> It's not discouraged so much as rarely used. It's very useful in some
> situations and I can think of good reasons to use it more often (e.g
> requiring both host and user identity as part of authentication).
>
> It definitely has more rough edges than user publickey authentication -
> it's harder to set up (admin only)
2002 Mar 29
2
Non-interactive root access via hostbased using shosts.equiv
Hello all!
I'm looking for a solution to the following problem -
I need to be able to use OpenSSH from root on one
system to perform work on several dozen other systems
using some automation. The restrictions that have to
be met to keep the business happy are that no
cleartext passwords or unencrypted private keys can be
stored on disk. Since this is within an automated
environment, there
2003 Feb 26
2
OpenSSH 3.4p1 hostbased authentication
Hi,
We want to use Hostbased Authentication in OpenSSH 3.4p1 completely based on
rhosts or shosts. Don't want to have any keys exchange between server and
client.
Created /etc/ssh/sshd_config on OpenSSH server with:
RhostsAuthentication yes
IgnoreRhosts no
HostbasedAuthentication yes
Created /etc/ssh/ssh_config on client with:
Host *
HostbasedAuthentication yes
Created /etc/rhosts.equiv,
2002 Apr 24
1
hostbased authentication and the root account
We have a problem using hostbased authentication in combination with the
root account. We use hostbased authentication to hop from a 'management
server' where we use strong authentication to several systems in a cluster.
The management server is defined in shosts.equiv and the public key of this
server is defined in ssh_known_hosts. This setup works for all users except
for the root user
2003 Dec 07
1
hostbased failing and can't derive reason of failure in debugging output
Hello,
I've troubles getting the hostbased method to work. I've given up on
system-to-system for now (different versions), and I'm just trying to
debug localhost. As far as I can see, the key is accepted, but then a
sudden "Failed hostbased" is returned:
[...]
debug3: mm_answer_keyallowed: key 0x8099bc0 is disallowed
debug3: mm_append_debug: Appending debug messages for
2015 Jan 09
5
OpenSSH_6.7p1 hostbased authentication failing on linux->linux connection. what's wrong with my config?
I run OpenSSH on linux
@ client
which ssh
/usr/local/bin/ssh
ssh -v
OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014
@ server
which sshd
/usr/local/bin/sshd
sshd -v
unknown option -- V
OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014
usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-c host_cert_file]
[-E log_file] [-f config_file] [-g login_grace_time]
2002 Jun 28
1
hostbased authentication problem in 3.4
I am seeing the same issues as another recent post, hostbased
authentication in 3.4p1 not seeming to work. I tried the ssh-keysign.c
patch posted, didn't seem to fix the problem.
Details:
Solaris 7, OpenSSH 3.4p1, OpenSSL 0.9.6d
Key from client ssh_host_rsa_key.pub copied to server /etc/ssh/ssh_known_hosts2
with comma-separated client hostnames added to front and a blank space before
rest of
2014 Mar 14
7
[Bug 2211] New: Too many hostbased authentication attempts
https://bugzilla.mindrot.org/show_bug.cgi?id=2211
Bug ID: 2211
Summary: Too many hostbased authentication attempts
Product: Portable OpenSSH
Version: 6.5p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at
2003 Feb 28
1
Hostbased Authentication Question
Hi,
I am still working on getting hostbased authentication working in
OpenSSH 3.5p1. I emailed the user list, and got no response. It seems so
simple, yet I have continued to have problems getting it working properly.
I've read posts about it on this list, and the openssh-unix-dev list, and
nothing I have tried seems to work. My question is this, does it matter
which key, either
2003 Feb 05
0
openssh 3.5p1 hostbased authentication
hello,
i did some debugging today, here is the weird portion form sshd -d -d -d
debug1: userauth-request for user jholland service ssh-connection method
hostbased
debug1: attempt 1 failures 1
debug2: input_userauth_request: try method hostbased
debug1: userauth_hostbased: cuser jholland chost i2-0. pkalg ssh-dss slen
55
debug3: mm_key_allowed entering
debug3: mm_request_send entering: type 20
2001 Nov 15
1
ssh -2 and hostbasedauth
Hi,
I'm trying to figure out how to read OpenSSH's log files (to assist
our people in diagnosing "why is it always asking me for passwords").
All clients and servers are 3.0p1.
First: server does not have the client's RSA2 key in known_host.
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got
2003 Dec 18
2
known_hosts, IP, and port revisited
I dug through the list archives to see if this had come up before, and I
see that a bug <http://bugzilla.mindrot.org/show_bug.cgi?id=393> was
submitted and subsequently closed (basically rejected) in 2002.
The basic issue, for those of you who don't feel like following the bug
URL, is that when one has ssh servers behind a NAT, each of which responds
to a different port on the NAT IP,
2004 Aug 24
1
Possible problem with hostbased protocol 1 rhosts authentication
I found this problem when working with the Suse9.1 distribution, but have
since reproduced it with a vanilla build of Openssh
(openssh-3.9p1.tar.gz). Basically I cannot get a command like this:
XXXX>ssh -vvv -1 -o "RhostsAuthentication yes" AAAA
to work. Yes the appropriate settings are in the servers sshd_config file.
Hostbased protocol 1 ssh using rhosts between computers is
2002 Jul 19
1
OpenSSH 3.4p1 hostbased auth - howto?
How do you enable hostbased authentication in OpenSSH?
I have two Red Hat 7.3 machines running openssh-3.4p1, and I would like to
be able to ssh from either of the machines to the other, as any user,
without using passwords or per-user keys.
My /etc/ssh/sshd_config contains:
[...]
IgnoreRhosts no
HostbasedAuthentication yes
[...]
My /etc/ssh/ssh_config contains:
[...]
2015 Jan 09
5
OpenSSH_6.7p1 hostbased authentication failing on linux->linux connection. what's wrong with my config?
Hi,
On Fri, Jan 9, 2015, at 10:48 AM, Tim Rice wrote:
> My ssh_config has
> Host *
> HostbasedAuthentication yes
> EnableSSHKeysign yes
> NoHostAuthenticationForLocalhost yes
>
> NoHostAuthenticationForLocalhost is not necessary.
> The one you are missing is EnableSSHKeysign.
>
> Additionally, you made no mention of your ssh_known_hosts files. Make
> sure