[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Google
  Web www.spinics.net

Re: problem with HostbasedAuthentication



On Thu, Apr 28, 2011 at 1:54 AM, Mahmood Naderan <nt_mahmood@xxxxxxxxx> wrote:
>>man ssh_config and look into PreferredAuthentications
> I added this line to sshd_config:
> ...
> HostbasedAuthentication yes
> PreferredAuthentications hostbased,keyboard-interactive,password,publickey
> ...
>
> afte restarting the service, the connection is refused while connecting to server from client:

restart was not necessary.

>
> mahmood@client:~$ ssh -vvv server
> OpenSSH_5.3p1 Debian-3ubuntu6, OpenSSL 0.9.8k 25 Mar 2009
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to server [192.168.1.1] port 22.
> debug1: connect to address 192.168.1.1 port 22: Connection refused
> ssh: connect to host server port 22: Connection refused

if suggestion from Sharad did not help post the debug output of the
sshd as well.

>
>>It could be a permissions issue.  Try 'chmod 600 ~/.shosts'.
> I changed to 600 however still get the same prompt
>
>
> // Naderan *Mahmood;
>
>
> ----- Original Message -----
> From: Asif Iqbal <vadud3@xxxxxxxxx>
> To: Mahmood Naderan <nt_mahmood@xxxxxxxxx>
> Cc: "secureshell@xxxxxxxxxxxxxxxxx" <secureshell@xxxxxxxxxxxxxxxxx>
> Sent: Wednesday, April 27, 2011 11:38 PM
> Subject: Re: problem with HostbasedAuthentication
>
> On Wed, Apr 27, 2011 at 1:12 AM, Mahmood Naderan <nt_mahmood@xxxxxxxxx> wrote:
>>>Change the order method. Have hostbased before password
>>
>> Sorry where should I do that?
>
> man ssh_config and look into PreferredAuthentications
>
>>
>> // Naderan *Mahmood;
>>
>> From: Asif Iqbal <vadud3@xxxxxxxxx>
>> To: Mahmood Naderan <nt_mahmood@xxxxxxxxx>
>> Cc: "secureshell@xxxxxxxxxxxxxxxxx" <secureshell@xxxxxxxxxxxxxxxxx>
>> Sent: Wednesday, April 27, 2011 9:17 AM
>> Subject: Re: problem with HostbasedAuthentication
>>
>>
>> Change the order method. Have hostbased before password
>> On Apr 26, 2011 11:52 PM, "Mahmood Naderan" <nt_mahmood@xxxxxxxxx> wrote:
>>>
>>>
>>> Hi,
>>> I am trying to setup a hostbased passwrodless ssh from a client to a server using this guide http://www.ehow.com/how_7621307_set-up-hostbased-authentication.html.
>>>
>>> The client looks like:
>>>
>>> mahmood@client:~$ cat /etc/ssh/ssh_config  | grep "HostbasedAuthentication"
>>>    HostbasedAuthentication yes
>>> mahmood@client:~$ cat /etc/ssh/ssh_config  | grep "EnableSSHKeysign"
>>>    EnableSSHKeysign yes
>>>
>>>
>>> and the server looks like:
>>> mahmood@server:~$ cat /etc/ssh/sshd_config  | grep "HostbasedAuthentication"
>>> HostbasedAuthentication yes
>>> mahmood@server:~$ cat /etc/ssh/sshd_config  | grep "IgnoreRhosts"
>>> IgnoreRhosts no
>>>
>>> also the server has the key for client:
>>>
>>> mahmood@server:~$ cat /etc/ssh/ssh_known_hosts
>>> client ssh-rsa AAAAB3Nz.....
>>>
>>> the ~/.shosts file on the server contains:
>>> mahmood@server:~$ cat .shosts
>>> client.domain mahmood
>>>
>>> Then on both server and client, the ssh service is restarted:
>>> mahmood@client:~$ sudo service ssh restart
>>> ssh start/running, process 1355
>>> mahmood@server:~$ sudo service ssh restart
>>> ssh start/running, process 28982
>>>
>>> How, when I run "ssh -vvv server" from client (to show the verbose messages), I still get the password prompt.
>>>
>>> mahmood@client:~$ ssh -vvv server
>>> OpenSSH_5.3p1 Debian-3ubuntu6, OpenSSL 0.9.8k 25 Mar 2009
>>> debug1: Reading configuration data /etc/ssh/ssh_config
>>> debug1: Applying options for *
>>> debug2: ssh_connect: needpriv 0
>>> debug1: Connecting to server [192.168.1.1] port 22.
>>> debug1: Connection established.
>>> debug1: identity file /home/mahmood/.ssh/identity type -1
>>> debug1: identity file /home/mahmood/.ssh/id_rsa type -1
>>> debug1: identity file /home/mahmood/.ssh/id_dsa type -1
>>> debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3p1 Debian-3ubuntu4
>>> debug1: match: OpenSSH_5.3p1 Debian-3ubuntu4 pat OpenSSH*
>>> debug1: Enabling compatibility mode for protocol 2.0
>>> debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu6
>>> debug2: fd 3 setting O_NONBLOCK
>>> debug1: SSH2_MSG_KEXINIT sent
>>> debug3: Wrote 792 bytes for a total of 831
>>> debug1: SSH2_MSG_KEXINIT received
>>> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-
>>> group1-sha1
>>> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
>>> debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-
>>> cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
>>> debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-
>>> cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
>>> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-
>>> md5-96
>>> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-
>>> md5-96
>>> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib
>>> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib
>>> debug2: kex_parse_kexinit:
>>> debug2: kex_parse_kexinit:
>>> debug2: kex_parse_kexinit: first_kex_follows 0
>>> debug2: kex_parse_kexinit: reserved 0
>>> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-
>>> group1-sha1
>>> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
>>> debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-
>>> cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
>>> debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-
>>> cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
>>> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-
>>> md5-96
>>> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-
>>> md5-96
>>> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx
>>> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx
>>> debug2: kex_parse_kexinit:
>>> debug2: kex_parse_kexinit:
>>> debug2: kex_parse_kexinit: first_kex_follows 0
>>> debug2: kex_parse_kexinit: reserved 0
>>> debug2: mac_setup: found hmac-md5
>>> debug1: kex: server->client aes128-ctr hmac-md5 none
>>> debug2: mac_setup: found hmac-md5
>>> debug1: kex: client->server aes128-ctr hmac-md5 none
>>> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
>>> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
>>> debug3: Wrote 24 bytes for a total of 855
>>> debug2: dh_gen_key: priv key bits set: 124/256
>>> debug2: bits set: 507/1024
>>> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
>>> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
>>> debug3: Wrote 144 bytes for a total of 999
>>> debug3: check_host_in_hostfile: filename /home/mahmood/.ssh/known_hosts
>>> debug3: check_host_in_hostfile: match line 1
>>> debug3: check_host_in_hostfile: filename /home/mahmood/.ssh/known_hosts
>>> debug3: check_host_in_hostfile: match line 2
>>> debug1: Host 'server' is known and matches the RSA host key.
>>> debug1: Found key in /home/mahmood/.ssh/known_hosts:1
>>> debug2: bits set: 503/1024
>>> debug1: ssh_rsa_verify: signature correct
>>> debug2: kex_derive_keys
>>> debug2: set_newkeys: mode 1
>>> debug1: SSH2_MSG_NEWKEYS sent
>>> debug1: expecting SSH2_MSG_NEWKEYS
>>> debug3: Wrote 16 bytes for a total of 1015
>>> debug2: set_newkeys: mode 0
>>> debug1: SSH2_MSG_NEWKEYS received
>>> debug1: SSH2_MSG_SERVICE_REQUEST sent
>>> debug3: Wrote 48 bytes for a total of 1063
>>> debug2: service_accept: ssh-userauth
>>> debug1: SSH2_MSG_SERVICE_ACCEPT received
>>> debug2: key: /home/mahmood/.ssh/identity ((nil))
>>> debug2: key: /home/mahmood/.ssh/id_rsa ((nil))
>>> debug2: key: /home/mahmood/.ssh/id_dsa ((nil))
>>> debug3: Wrote 64 bytes for a total of 1127
>>> debug1: Authentications that can continue: publickey,password,hostbased
>>> debug3: start over, passed a different list publickey,password,hostbased
>>> debug3: preferred gssapi-keyex,gssapi-with-mic,gssapi,hostbased,publickey,keyboard-interactive,password
>>> debug3: authmethod_lookup hostbased
>>> debug3: remaining preferred: publickey,keyboard-interactive,password
>>> debug3: authmethod_is_enabled hostbased
>>> debug1: Next authentication method: hostbased
>>> debug2: userauth_hostbased: chost client.
>>> debug2: ssh_keysign called
>>> debug3: ssh_msg_send: type 2
>>> debug3: ssh_msg_recv entering
>>> debug1: permanently_drop_suid: 1000
>>> debug2: we sent a hostbased packet, wait for reply
>>> debug3: Wrote 608 bytes for a total of 1735
>>> debug1: Authentications that can continue: publickey,password,hostbased
>>> debug2: userauth_hostbased: chost client.
>>> debug2: ssh_keysign called
>>> debug3: ssh_msg_send: type 2
>>> debug3: ssh_msg_recv entering
>>> debug1: permanently_drop_suid: 1000
>>> debug2: we sent a hostbased packet, wait for reply
>>> debug3: Wrote 672 bytes for a total of 2407
>>> debug1: Authentications that can continue: publickey,password,hostbased
>>> debug1: No more client hostkeys for hostbased authentication.
>>> debug2: we did not send a packet, disable method
>>> debug3: authmethod_lookup publickey
>>> debug3: remaining preferred: keyboard-interactive,password
>>> debug3: authmethod_is_enabled publickey
>>> debug1: Next authentication method: publickey
>>> debug1: Trying private key: /home/mahmood/.ssh/identity
>>> debug3: no such identity: /home/mahmood/.ssh/identity
>>> debug1: Trying private key: /home/mahmood/.ssh/id_rsa
>>> debug3: no such identity: /home/mahmood/.ssh/id_rsa
>>> debug1: Trying private key: /home/mahmood/.ssh/id_dsa
>>> debug3: no such identity: /home/mahmood/.ssh/id_dsa
>>> debug2: we did not send a packet, disable method
>>> debug3: authmethod_lookup password
>>> debug3: remaining preferred: ,password
>>> debug3: authmethod_is_enabled password
>>> debug1: Next authentication method: password
>>> mahmood@server's password:
>>>
>>>
>>> Any idea about that?
>>>
>>> // Naderan *Mahmood;
>>>
>>
>
>
>
> --
> Asif Iqbal
> PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
>
>



-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?



[Home]     [Fedora Users]     [Fedora Legacy]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

Add to Google Powered by Linux