I've set up ssh 2.0.13 using host based authentication.  My
/etc/ssh2/sshd2_config file contains the following:

# sshd2_config
# SSH 2.0 Server Configuration File

*:
        Port                            22
        ListenAddress                   0.0.0.0
        Ciphers                         AnyStd
        IdentityFile                    identification
        AllowedAuthentications          publickey,password,hostbased
        AuthorizationFile               authorization
        HostKeyFile                     hostkey
        PublicHostKeyFile               hostkey.pub
        RandomSeedFile                  random_seed
        ForwardAgent                    yes
        ForwardX11                      yes
        PasswordGuesses                 3
        PermitRootLogin                 yes
        ForcePTTYAllocation             no
        VerboseMode                     no
        PrintMotd                       yes
        UserConfigDirectory             "%D/.ssh2"
        UserKnownHosts                  yes
        SyslogFacility                  AUTH
        Ssh1Compatibility               yes

# subsystem definitions

        subsystem-sftp                  sftp-server


====

In my $HOME/.ssh2/identification file I have (though I'm not really sure
whether or not it's needed):

IdKey id_dsa_1024_a

====

In $HOME/.ssh2/knownhosts/remote.host.com.ssh-dss.pub I have the remote
server's /etc/ssh2/hostkey.pub.


When I connect from the remote host, I'm still prompted for a password, but I
can hit return or put anything in as my password and then it logs me in.  The
behaviour I expect is not to be prompted for a password at all.  I'm guessing
I missed something simple, but I'm not sure what.


Here's a -v transaction:

# ssh -v my.host.com
Development-time debugging not compiled in.
To enable, configure with --enable-debug and recompile.
debug: hostname is 'my.host.com'.
debug: Unable to open /home/foo/.ssh2/ssh2_config
Development-time debugging not compiled in.
To enable, configure with --enable-debug and recompile.
debug: connecting to my.host.com...
debug: entering event loop
debug: ssh_client_wrap: creating transport protocol
debug: ssh_client_wrap: creating userauth protocol
debug: Remote version: SSH-1.99-2.0.13 (non-commercial)
debug: Host key found from the database.
foo's password: 

<Here I need to enter return>


PasswordAuthentication configuration keyword is deprecated. Use AllowedAuthentications.
PubkeyAuthentication configuration keyword is deprecated. Use AllowedAuthentications.
debug: Ssh2AuthHostBasedClient/authc-hostbased.c:329/ssh_client_auth_hostbased: Child: 
Execing ssh-signer...(path: ssh-signer2)
debug: Ssh2AuthHostBasedClient/authc-hostbased.c:71/auth_hostbased_received_packet: 
ssh-signer returned SSH_AUTH_HOSTBASED_SIGNATURE
debug: ssh_pipe_stream_destroy
debug: ssh_sigchld_real_callback
debug: ssh_sigchld_process_pid: no handler for pid 28553 code 0
debug: Ssh2/ssh2.c:304/client_authenticated: client_authenticated


<Here I'm logged in, and when I exit back to the remote machine...>

debug: session_close
debug: destroying client struct...
debug: uninitializing event loop


Anyone have any clues?

-- 
Amy Rich <[EMAIL PROTECTED]>                    Oceanwave Consulting, Inc.
UNIX Systems Administration Consultant          12 Hines Way
http://www.oceanwave.com/                       Marblehead, MA  01945
Phone: 781-631-6160                             Fax: 781-631-6160
