I cannot use HostbasedAuthentication with ssh. ssh just keeps on asking for the password. Here is what I tried:

I have SSH (OpenSSH_2.9p2) running with RhostsRSAAuthentication just fine -- users can log in from one computer to another without using a password or setting up an .ssh/authorized_keys file. But now the ssh in woody changed and protocol version two is the default, so I want to make sure that HostbasedAuthentication is working as well.

I set "HostbasedAuthentication yes" in /etc/ssh/sshd_config. I then added the public keys from the other hosts to /etc/ssh/ssh_known_hosts2 (by logging in to them and then copying my ~/.ssh/known_hosts2 file to /etc/ssh/ssh_known_hosts2). Now /etc/ssh/ssh_known_hosts2 contains:

gandalf,192.168.1.2 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA1zi/GNCWr0RAKwyI2dfo5ut4V/ixE/lXCoQo0gCq6KmAiUzW/bei+CcROrXIYd2D+GEZx5DzvkCZung/9dukffYMto9FVcYIShSnTi/c4k5d8utU6XWT2RfPfq85dcL+wGuTS/JzxL1M8r/pvskCjEzboeULGhdNF6cllqmPxSs=
gandalf.local ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA1zi/GNCWr0RAKwyI2dfo5ut4V/ixE/lXCoQo0gCq6KmAiUzW/bei+CcROrXIYd2D+GEZx5DzvkCZung/9dukffYMto9FVcYIShSnTi/c4k5d8utU6XWT2RfPfq85dcL+wGuTS/JzxL1M8r/pvskCjEzboeULGhdNF6cllqmPxSs=

But when I try to log in from gandalf to the computer in question, ssh will still ask for the password. Here is the debug output from sshd:

aragorn:/etc/ssh# sshd -d -e
debug1: Seeding random number generator
debug1: sshd version OpenSSH_2.9p2
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from 192.168.1.2 port 1154
debug1: Client protocol version 2.0; client software version OpenSSH_2.9p2
debug1: match: OpenSSH_2.9p2 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-1.99-OpenSSH_2.9p2
debug1: Rhosts Authentication disabled, originating port not trusted.
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: dh_gen_key: priv key bits set: 139/256
debug1: bits set: 989/2049
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: bits set: 995/2049
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user wh service ssh-connection method none
debug1: attempt 0 failures 0
debug1: Starting up PAM with username "wh"
debug1: PAM setting rhost to "gandalf.local"
Failed none for wh from 192.168.1.2 port 1154 ssh2
[the client asks for the password now]
[...]

And from the client:

[EMAIL PROTECTED]:~$ ssh -v aragorn.local
OpenSSH_2.9p2, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 1000 geteuid 0 anon 1
debug1: Connecting to aragorn.local [192.168.1.8] port 22.
debug1: temporarily_use_uid: 1000/1000 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 1000/1000 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /home/wh/.ssh/identity type 0
debug1: identity file /home/wh/.ssh/id_rsa type -1
debug1: identity file /home/wh/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_2.9p2
debug1: match: OpenSSH_2.9p2 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_2.9p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 134/256
debug1: bits set: 1023/2049
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'aragorn.local' is known and matches the RSA host key.
debug1: Found key in /home/wh/.ssh/known_hosts2:2
debug1: bits set: 1026/2049
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password,keyboard-interactive,hostbased
debug1: next auth method to try is publickey
debug1: try privkey: /home/wh/.ssh/id_rsa
debug1: try privkey: /home/wh/.ssh/id_dsa
debug1: next auth method to try is password
[EMAIL PROTECTED]'s password:

Can someone see what is wrong? I tried to strace sshd and found that it will not open the file /etc/ssh/shosts.equiv (which is where gandalf is listed) unless the client is invoked with the -1 option. So how can I make sure that ssh uses the /etc/ssh/shosts.equiv file?

(I'm pretty sure that DNS is set up correctly; logging in with protocol version 1, i.e. "ssh -1", still works without asking for passwords.)

Thanks for your help,
Walter
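
Added example, not part of the original post: a small Python check that reads the two debug traces quoted above and lists which protocol 2 authentication methods the server offered, which ones the client chose, and which ones sshd actually saw requested. The log excerpts are copied from the post; the function names are this example's own.

```python
import re

# Excerpts copied from the debug output in the post above.
CLIENT_DEBUG = """\
debug1: authentications that can continue: publickey,password,keyboard-interactive,hostbased
debug1: next auth method to try is publickey
debug1: try privkey: /home/wh/.ssh/id_rsa
debug1: try privkey: /home/wh/.ssh/id_dsa
debug1: next auth method to try is password
"""
SERVER_DEBUG = """\
debug1: userauth-request for user wh service ssh-connection method none
debug1: attempt 0 failures 0
Failed none for wh from 192.168.1.2 port 1154 ssh2
"""

OFFERED_RE = re.compile(r"authentications that can continue: (\S+)")
TRIED_RE = re.compile(r"next auth method to try is (\S+)")
REQUEST_RE = re.compile(r"userauth-request for user \S+ service \S+ method (\S+)")


def _unique(items):
    """Drop repeats while keeping first-seen order."""
    return list(dict.fromkeys(items))


def client_methods(text):
    """Return (offered, tried): methods the server listed and the client chose."""
    offered = []
    for match in OFFERED_RE.finditer(text):
        offered.extend(match.group(1).split(","))
    return _unique(offered), _unique(TRIED_RE.findall(text))


def server_requests(text):
    """Return the userauth methods sshd logged as requested by the client."""
    return _unique(REQUEST_RE.findall(text))


def never_attempted(client_text, server_text):
    """Methods the server offered that appear in neither side's attempt log."""
    offered, tried = client_methods(client_text)
    seen = set(tried) | set(server_requests(server_text))
    return [name for name in offered if name not in seen]


if __name__ == "__main__":
    print("offered, tried:", client_methods(CLIENT_DEBUG))
    print("requests seen by sshd:", server_requests(SERVER_DEBUG))
    print("never attempted:", never_attempted(CLIENT_DEBUG, SERVER_DEBUG))
```

On these traces the server lists hostbased, but the client never selects it and sshd only logs a request for method none. In OpenSSH the client has its own HostbasedAuthentication option in ssh_config, separate from the sshd_config option the post sets.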