On 20 Apr 2001 15:22:25 +0200, Mario Vukelic wrote: NOTE: For the case that other people have problems too (and for the archive), I'll annotate my original config with info on how it works
> please help before I tear my hair out. I'm trying to get > RhostsRSAAuthentication to work. > [...] > I've generated the host keys with > [EMAIL PROTECTED]:/etc/ssh# ssh-keygen -t dsa -f ssh_host_dsa_key (with empty > passphrase) RhostRSAAuthentication seems to work only with protocol 1. Therefore everything must be set up for Protocol 1: [EMAIL PROTECTED]:/etc/ssh# ssh-keygen -f ssh_host_key > Then I prepared > /etc/ssh/ssh_known_hosts2 ssh_known_hosts > I've also generated user keys and distributed them > [EMAIL PROTECTED]:~/.ssh$ ssh-keygen -t dsa ssh-keygen -f id_rsa1 > (now send ~/.ssh/id_dsa.pub to [EMAIL PROTECTED]) > [EMAIL PROTECTED]:~$ mv id_dsa.pub .ssh/authorized_keys2 > (and vice versa) .ssh/authorized_keys > This is my config: > [EMAIL PROTECTED]:/etc/ssh# cat sshd_config > (excerpt) > Protocol 2,1 1,2 > HostKey /etc/ssh/ssh_host_dsa_key ssh_host_key > IgnoreRhosts yes > IgnoreUserKnownHosts yes > RhostsAuthentication no > RhostsRSAAuthentication yes > RSAAuthentication yes > PasswordAuthentication yes > > [EMAIL PROTECTED]:/etc/ssh# cat ssh_config > (excerpt) > Host ONE > RhostsAuthentication no > RhostsRSAAuthentication yes > RSAAuthentication yes > PasswordAuthentication yes > FallBackToRsh no > UseRsh no > IdentityFile ~/.ssh/id_dsa ~/.ssh/id_rsa1 > Protocol 2,1 1,2 > > [EMAIL PROTECTED]:/etc# cat hosts.equiv > +TWO > [EMAIL PROTECTED]:/etc# ls -l hosts.equiv > -rw-r--r-- 1 root root 13 Apr 20 12:17 ../hosts.equiv OK > > [EMAIL PROTECTED]:/etc# cat hosts.equiv > +ONE > [EMAIL PROTECTED]:/etc# ls -l hosts.equiv > -rw-r--r-- 1 root root 13 Apr 20 12:18 ../hosts.equiv OK -- I did not vote for the Austrian government
