I am trying to allow _all users_ on CLIENT to login to
SERVER without a password.
IMPORTANT: I am not interested in user keys _at all_
- at no point in this process should I ever be dealing
with any keys in /home/user/.ssh - I am only
interested in doing this with HOST keys - where I copy
one key between SERVER and CLIENT, and _all_ users on
CLIENT can login to SERVER without a password. Don't
even mention user keys.
My /etc/sshd/sshd_config is exactly the same on both
SERVER and CLIENT:
#VersionAddendum FreeBSD-20020629
#Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
# Authentication:
IgnoreRhosts yes
#RhostsRSAAuthentication no
HostbasedAuthentication yes
IgnoreUserKnownHosts yes
ChallengeResponseAuthentication no
Further, SERVER has CLIENT in its /etc/hosts.equiv,
and CLIENT has SERVER in its /etc/hosts.equiv
Finally, I have copied the output of
/etc/sshd/ssh_host_rsa_key.pub on each system to
/etc/ssh/known_hosts on the other system. The
permissions on /etc/ssh/known_hosts on each system
are:
2 -rw-r--r-- 1 root wheel
So that's it. The options are set in sshd_config, the
keys have been exchanged, hosts.equiv are populated
and permissions are correct.
SO now I go to CLIENT and run:
ssh [EMAIL PROTECTED]
and I get a password prompt!!!
So what am I doing wrong ? Again - NO user keys are
used and I am not interested in user keys _AT ALL_.
DOn't even mention the /home/user/.ssh directory. The
goal here is to share one public key between SERVER
and CLIENT and allow _all_ users on CLIENT to log into
SERVER without a password.
So what am I doing wrong ?
thanks.
_______________________________
Do you Yahoo!?
Declare Yourself - Register online to vote today!
http://vote.yahoo.com
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
