I really stumbled, but finally got it to work between 2 solaris 2.6
systems, using ssh 2.0.13. (for root user). I'll leave it to the reader
to make the corresponding tweaks for non-root users. Here's what I
did. (The client host, running ssh2, I will call chost, and the server
host, running sshd2, I will call shost).
--- Patches ---
1) applied Sami Lehtinen's patch to update
apps/ssh/sshauthmethod{c,s}.c, as posted to the ssh mailing list
(http://www.cs.hut.fi/ssh-archive/messages/990622-122128-12476)
2) after much debugging, modified ssh-signer2.c as follows. There was a
race condition that caused ssh to deadlock about half the time. This
occurred if !packet_already_sent and !signer->packet_waiting.
diff -u ssh-signer2.c.orig ssh-signer2.c
--- ssh-signer2.c.orig Fri Sep 3 21:00:52 1999
+++ ssh-signer2.c Fri Sep 3 21:15:22 1999
@@ -483,9 +483,11 @@
if (packet_already_sent)
return;
+/************* wrong place (Ian Duplisse 9-2-1999)
else
packet_already_sent = TRUE;
-
+*************/
+
if (signer->packet_waiting)
{
@@ -500,6 +502,7 @@
SSH_FORMAT_END);
signer->packet_waiting = FALSE;
+ packet_already_sent = TRUE;
}
}
--- Installation ---
3) installed this patched version on shost and chost
--- Configuration ---
4) modified /etc/ssh2/sshd2_config on both systems
AllowedAuthentications hostbased,publickey,password
5) added chost to shost:/.shosts (/etc/shosts.equiv should probably be
done too)
6) copied chost:/etc/ssh2/hostkey.pub to
shost:/etc/ssh2/knownhosts/chost.ssh-dss.pub
7) as root on chost, ssh shost once (to build
chost:/.ssh2/hostkeys/key_22_shost.pub)
(Each user probably needs to do this to build ~/.ssh2/hostkeys/...)
HTH,
Ian
In article <[EMAIL PROTECTED]>,
Tom Van Dreser <[EMAIL PROTECTED]> wrote:
> Hello,
>
> I must be stupid, because I can't figure this out. Judging from the lack
> of other inquiries on the same subject, it must be simple to do.
>
> We are running SSH 2.0.13 on Solaris 2.6
>
> What we are trying to do is configure SSH to allow a user to use scp and
> other secure "r-type" commands with out being prompted for a password or
> passphrase. I understand this to be hostbased authentication. However, I
> can not get it to work and have worked myself into a confused tizzy. My
> sources for figuring this out are the SSH README and the SSHD man page.
>
> In short, what must one do to enable the use of scp without a password
> or passphrase. What files need to be where and what public and private
> keys are needed and what are the keys to be named.
>
> Thanks in advance
> Tom
>
> -----------------
> Tom Van Dreser
> USGS, Golden CO
> [EMAIL PROTECTED]
>
>
