To preface myself, I first checked the FAQs (master and all mirrors) and
the section that would appear to deal with the issue at hand is missing
from all of them (section 3.5). I also looked for a list archive, but if
there is one, it's obfuscated.
I then read all of the updated man pages for ssh2, sshd2 and ssh-agent,
and proceeded to follow the instructions therein.
To wit:
I have two machines, the host (192.168.1.11) and the client
(192.168.1.10), both living on the same 192.168.1.0/24 network.
My goal is to allow a process which uses the root account on .10 to access
.11 without having to send the password.
I proceeded in several steps:
1. ssh2'd from each machine to the other, using the root account to create
local public keys.
2. added a .shosts entry containing "192.168.1.10 root" in root's ~/ on
192.168.1.11
3. ensured that sshd2_config on .11 included "hostbased" in the line
"AllowedAuthentications"
4. Restarted sshd2 on .11 and tested with "ssh2 -l root 192.168.1.11" from
.10, no luck.
5. ran ssh-keygen2 as root on .10, creating a file named
id_dsa_1024_a.pub with a NULL password, which I then scp'd to .11
6. created an "/etc/shosts.equiv" and copied id_dsa_1024_a.pub to
"/etc/ssh2/knownhosts/192.168.1.10.ssh-dsa.pub" on .11
7. Restarted sshd2 on .11 and tested with "ssh2 -l root 192.168.1.11" from
.10, no luck.
8. Copied id_dsa_1024_a.pub to root's ~/.ssh2/ and created an
"authorization" file with an entry of "Key<TAB> id_dsa_1024_a.pub" on the
first line.
9. Restarted sshd2 on .11 and tested with "ssh2 -l root 192.168.1.11" from
.10, no luck.
Debug messages were never generated by sshd2. I did modify the ssh2
script in "/etc/rc.d/init.d" to start sshd2 with debug and in verbose
mode.
At this point, feeling a bit frustrated, I paused for the evening.
ssh2-2.1.0.pl2 was compiled with:
"./configure --prefix=/usr --sysconfdir=/etc/ssh2 --enable-debug"
using gcc v2.95.2
I'll admit it, I'm stumped.
Anyone have a suggestion or two??
- Ed