
Re: problem with HostbasedAuthentication



On Wed, Apr 27, 2011 at 1:12 AM, Mahmood Naderan <nt_mahmood@xxxxxxxxx> wrote:
>>Change the order method. Have hostbased before password
>
> Sorry where should I do that?

man ssh_config and look into PreferredAuthentications

>
> // Naderan *Mahmood;
>
> From: Asif Iqbal <vadud3@xxxxxxxxx>
> To: Mahmood Naderan <nt_mahmood@xxxxxxxxx>
> Cc: "secureshell@xxxxxxxxxxxxxxxxx" <secureshell@xxxxxxxxxxxxxxxxx>
> Sent: Wednesday, April 27, 2011 9:17 AM
> Subject: Re: problem with HostbasedAuthentication
>
>
> Change the order method. Have hostbased before password
> On Apr 26, 2011 11:52 PM, "Mahmood Naderan" <nt_mahmood@xxxxxxxxx> wrote:
>>
>>
>> Hi,
>> I am trying to set up a hostbased passwordless ssh from a client to a server using this guide http://www.ehow.com/how_7621307_set-up-hostbased-authentication.html.
>>
>> The client looks like:
>>
>> mahmood@client:~$ cat /etc/ssh/ssh_config  | grep "HostbasedAuthentication"
>>    HostbasedAuthentication yes
>> mahmood@client:~$ cat /etc/ssh/ssh_config  | grep "EnableSSHKeysign"
>>    EnableSSHKeysign yes
>>
>>
>> and the server looks like:
>> mahmood@server:~$ cat /etc/ssh/sshd_config  | grep "HostbasedAuthentication"
>> HostbasedAuthentication yes
>> mahmood@server:~$ cat /etc/ssh/sshd_config  | grep "IgnoreRhosts"
>> IgnoreRhosts no
>>
>> also the server has the key for client:
>>
>> mahmood@server:~$ cat /etc/ssh/ssh_known_hosts
>> client ssh-rsa AAAAB3Nz.....
>>
>> the ~/.shosts file on the server contains:
>> mahmood@server:~$ cat .shosts
>> client.domain mahmood
>>
>> Then on both server and client, the ssh service is restarted:
>> mahmood@client:~$ sudo service ssh restart
>> ssh start/running, process 1355
>> mahmood@server:~$ sudo service ssh restart
>> ssh start/running, process 28982
>>
>> However, when I run "ssh -vvv server" from client (to show the verbose messages), I still get the password prompt.
>>
>> mahmood@client:~$ ssh -vvv server
>> OpenSSH_5.3p1 Debian-3ubuntu6, OpenSSL 0.9.8k 25 Mar 2009
>> debug1: Reading configuration data /etc/ssh/ssh_config
>> debug1: Applying options for *
>> debug2: ssh_connect: needpriv 0
>> debug1: Connecting to server [192.168.1.1] port 22.
>> debug1: Connection established.
>> debug1: identity file /home/mahmood/.ssh/identity type -1
>> debug1: identity file /home/mahmood/.ssh/id_rsa type -1
>> debug1: identity file /home/mahmood/.ssh/id_dsa type -1
>> debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3p1 Debian-3ubuntu4
>> debug1: match: OpenSSH_5.3p1 Debian-3ubuntu4 pat OpenSSH*
>> debug1: Enabling compatibility mode for protocol 2.0
>> debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu6
>> debug2: fd 3 setting O_NONBLOCK
>> debug1: SSH2_MSG_KEXINIT sent
>> debug3: Wrote 792 bytes for a total of 831
>> debug1: SSH2_MSG_KEXINIT received
>> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
>> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
>> debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
>> debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
>> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
>> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
>> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib
>> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib
>> debug2: kex_parse_kexinit:
>> debug2: kex_parse_kexinit:
>> debug2: kex_parse_kexinit: first_kex_follows 0
>> debug2: kex_parse_kexinit: reserved 0
>> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
>> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
>> debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
>> debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
>> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
>> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
>> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx
>> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx
>> debug2: kex_parse_kexinit:
>> debug2: kex_parse_kexinit:
>> debug2: kex_parse_kexinit: first_kex_follows 0
>> debug2: kex_parse_kexinit: reserved 0
>> debug2: mac_setup: found hmac-md5
>> debug1: kex: server->client aes128-ctr hmac-md5 none
>> debug2: mac_setup: found hmac-md5
>> debug1: kex: client->server aes128-ctr hmac-md5 none
>> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
>> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
>> debug3: Wrote 24 bytes for a total of 855
>> debug2: dh_gen_key: priv key bits set: 124/256
>> debug2: bits set: 507/1024
>> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
>> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
>> debug3: Wrote 144 bytes for a total of 999
>> debug3: check_host_in_hostfile: filename /home/mahmood/.ssh/known_hosts
>> debug3: check_host_in_hostfile: match line 1
>> debug3: check_host_in_hostfile: filename /home/mahmood/.ssh/known_hosts
>> debug3: check_host_in_hostfile: match line 2
>> debug1: Host 'server' is known and matches the RSA host key.
>> debug1: Found key in /home/mahmood/.ssh/known_hosts:1
>> debug2: bits set: 503/1024
>> debug1: ssh_rsa_verify: signature correct
>> debug2: kex_derive_keys
>> debug2: set_newkeys: mode 1
>> debug1: SSH2_MSG_NEWKEYS sent
>> debug1: expecting SSH2_MSG_NEWKEYS
>> debug3: Wrote 16 bytes for a total of 1015
>> debug2: set_newkeys: mode 0
>> debug1: SSH2_MSG_NEWKEYS received
>> debug1: SSH2_MSG_SERVICE_REQUEST sent
>> debug3: Wrote 48 bytes for a total of 1063
>> debug2: service_accept: ssh-userauth
>> debug1: SSH2_MSG_SERVICE_ACCEPT received
>> debug2: key: /home/mahmood/.ssh/identity ((nil))
>> debug2: key: /home/mahmood/.ssh/id_rsa ((nil))
>> debug2: key: /home/mahmood/.ssh/id_dsa ((nil))
>> debug3: Wrote 64 bytes for a total of 1127
>> debug1: Authentications that can continue: publickey,password,hostbased
>> debug3: start over, passed a different list publickey,password,hostbased
>> debug3: preferred gssapi-keyex,gssapi-with-mic,gssapi,hostbased,publickey,keyboard-interactive,password
>> debug3: authmethod_lookup hostbased
>> debug3: remaining preferred: publickey,keyboard-interactive,password
>> debug3: authmethod_is_enabled hostbased
>> debug1: Next authentication method: hostbased
>> debug2: userauth_hostbased: chost client.
>> debug2: ssh_keysign called
>> debug3: ssh_msg_send: type 2
>> debug3: ssh_msg_recv entering
>> debug1: permanently_drop_suid: 1000
>> debug2: we sent a hostbased packet, wait for reply
>> debug3: Wrote 608 bytes for a total of 1735
>> debug1: Authentications that can continue: publickey,password,hostbased
>> debug2: userauth_hostbased: chost client.
>> debug2: ssh_keysign called
>> debug3: ssh_msg_send: type 2
>> debug3: ssh_msg_recv entering
>> debug1: permanently_drop_suid: 1000
>> debug2: we sent a hostbased packet, wait for reply
>> debug3: Wrote 672 bytes for a total of 2407
>> debug1: Authentications that can continue: publickey,password,hostbased
>> debug1: No more client hostkeys for hostbased authentication.
>> debug2: we did not send a packet, disable method
>> debug3: authmethod_lookup publickey
>> debug3: remaining preferred: keyboard-interactive,password
>> debug3: authmethod_is_enabled publickey
>> debug1: Next authentication method: publickey
>> debug1: Trying private key: /home/mahmood/.ssh/identity
>> debug3: no such identity: /home/mahmood/.ssh/identity
>> debug1: Trying private key: /home/mahmood/.ssh/id_rsa
>> debug3: no such identity: /home/mahmood/.ssh/id_rsa
>> debug1: Trying private key: /home/mahmood/.ssh/id_dsa
>> debug3: no such identity: /home/mahmood/.ssh/id_dsa
>> debug2: we did not send a packet, disable method
>> debug3: authmethod_lookup password
>> debug3: remaining preferred: ,password
>> debug3: authmethod_is_enabled password
>> debug1: Next authentication method: password
>> mahmood@server's password:
>>
>>
>> Any idea about that?
>>
>> // Naderan *Mahmood;
>>
>



-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
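
Added example (not part of the thread and not OpenSSH code): a small Python parser for `ssh -vvv` client output like the trace quoted above, reporting the client's preferred method order and what happened to each method it tried. The function names and status labels are this example's own; the sample lines are abridged from the quoted output.

```python
import re

# Abridged from the `ssh -vvv` output quoted in the thread above.
SAMPLE = """\
debug1: Authentications that can continue: publickey,password,hostbased
debug3: preferred gssapi-keyex,gssapi-with-mic,gssapi,hostbased,publickey,keyboard-interactive,password
debug1: Next authentication method: hostbased
debug2: we sent a hostbased packet, wait for reply
debug1: Authentications that can continue: publickey,password,hostbased
debug2: we sent a hostbased packet, wait for reply
debug1: Authentications that can continue: publickey,password,hostbased
debug1: No more client hostkeys for hostbased authentication.
debug2: we did not send a packet, disable method
debug1: Next authentication method: publickey
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
"""

def trace_auth(log_text):
    """Return (client_preferred, server_offered, attempts) from ssh -v output."""
    preferred, offered, attempts, waiting = [], [], [], False
    for raw in log_text.splitlines():
        line = raw.lstrip("> ").strip()  # tolerate mail-quoted logs
        if m := re.match(r"debug\d: preferred (.+)", line):
            preferred = m.group(1).split(",")
        elif m := re.match(r"debug\d: Authentications that can continue: (.+)", line):
            offered = m.group(1).split(",")
            if waiting and attempts:  # server answered our packet with a failure
                attempts[-1]["rejected"] += 1
            waiting = False
        elif m := re.match(r"debug\d: Next authentication method: (\S+)", line):
            attempts.append({"method": m.group(1), "sent": 0, "rejected": 0, "disabled": False})
        elif re.match(r"debug\d: we sent a \S+ packet", line) and attempts:
            attempts[-1]["sent"] += 1
            waiting = True
        elif "we did not send a packet, disable method" in line and attempts:
            attempts[-1]["disabled"] = True
    return preferred, offered, attempts

def status(attempt):
    """Classify one attempt record produced by trace_auth()."""
    if attempt["rejected"]:
        return "rejected by server"
    return "nothing to offer" if attempt["disabled"] else "pending"

if __name__ == "__main__":
    preferred, offered, attempts = trace_auth(SAMPLE)
    print("client order:", ",".join(preferred), "| server offers:", ",".join(offered))
    for a in attempts:
        print(f'{a["method"]:10} sent={a["sent"]} -> {status(a)}')
```

A "rejected by server" result carries no reason on the client side; the server's sshd log is where the cause of the rejection is recorded.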


