From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1G71YP-00030H-OW for garchives@archives.gentoo.org; Sun, 30 Jul 2006 03:01:22 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.7/8.13.6) with SMTP id k6U2x6TH004770; Sun, 30 Jul 2006 02:59:06 GMT Received: from ms-smtp-03.ohiordc.rr.com (ms-smtp-03.ohiordc.rr.com [65.24.5.137]) by robin.gentoo.org (8.13.7/8.13.6) with ESMTP id k6U2utKE002154 for ; Sun, 30 Jul 2006 02:56:55 GMT Received: from [192.168.1.101] (cpe-24-93-160-159.neo.res.rr.com [24.93.160.159]) by ms-smtp-03.ohiordc.rr.com (8.13.6/8.13.6) with ESMTP id k6U2urBf014836 for ; Sat, 29 Jul 2006 22:56:54 -0400 (EDT) Message-ID: <44CC1FF5.9030007@neo.rr.com> Date: Sat, 29 Jul 2006 22:56:53 -0400 From: John Blinka User-Agent: Thunderbird 1.5.0.4 (X11/20060709) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 To: gentoo-user@lists.gentoo.org Subject: [gentoo-user] how to get ssh host based authentication working? Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Virus-Scanned: Symantec AntiVirus Scan Engine X-Archives-Salt: 27017ba8-3402-43b4-922d-3f7b5047ba9f X-Archives-Hash: 8a9e71d0683f2a8e333755243790b4ea Hi, folks, I'd like to get host based ssh authentication working within all the gentoo boxes on my home network. I've had no success yet - I hope someone can enlighten me! What I've done so far on the server side is: set HostbasedAuthentication yes in sshd_config set HostbasedAuthentication yes in ssh_config added /etc/ssh/shosts.equiv containing names of client boxes added /etc/ssh/ssh_known_hosts containing public host keys of client boxes Client boxes are configured similarly. When I try to ssh from one box to another, I always get a request for a password, which is what I'm trying to avoid. Below is an excerpt from an attempt to ssh from one box to another while requesting the maximum amount of debugging info. It looks like ssh is trying to use host based authentication, but for some reason it fails. I'd appreciate any ideas about what might be going wrong. John Blinka debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts debug3: check_host_in_hostfile: match line 5 debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts debug3: check_host_in_hostfile: match line 5 debug1: Host 'tobey' is known and matches the RSA host key. debug1: Found key in /root/.ssh/known_hosts:5 debug2: bits set: 469/1024 debug1: ssh_rsa_verify: signature correct debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /root/.ssh/identity ((nil)) debug2: key: /root/.ssh/id_rsa (0x8095528) debug2: key: /root/.ssh/id_dsa (0x80964c0) debug1: Authentications that can continue: publickey,keyboard-interactive,hostbased debug3: start over, passed a different list publickey,keyboard-interactive,hostbased debug3: preferred hostbased,publickey,keyboard-interactive,password debug3: authmethod_lookup hostbased debug3: remaining preferred: publickey,keyboard-interactive,password debug3: authmethod_is_enabled hostbased debug1: Next authentication method: hostbased debug2: userauth_hostbased: chost lotus.bluebar.org. debug2: we sent a hostbased packet, wait for reply debug1: Authentications that can continue: publickey,keyboard-interactive,hostbased debug2: userauth_hostbased: chost lotus.bluebar.org. debug2: we sent a hostbased packet, wait for reply debug1: Authentications that can continue: publickey,keyboard-interactive,hostbased debug1: No more client hostkeys for hostbased authentication. debug2: we did not send a packet, disable method -- gentoo-user@gentoo.org mailing list