Hi there,
I have installed ssh-2.1.0 (and patch1) into a small local network
running Linux (2.2.12-20) and Solaris 2.7 and, based on the instructions
of FAQ 3.5, I set up a hostbased authentication system for the local
machines. The "sshd2_config" files for all machines are identical to
#================================================================
*:
Port 22
ListenAddress 0.0.0.0
Ciphers AnyStd
IdentityFile identification
AuthorizationFile authorization
HostKeyFile hostkey
PublicHostKeyFile hostkey.pub
RandomSeedFile random_seed
ForwardAgent yes
ForwardX11 yes
PasswordGuesses 3
PermitRootLogin no
AllowedAuthentications publickey,password,hostbased
ForcePTTYAllocation no
VerboseMode no
PrintMotd yes
CheckMail yes
UserConfigDirectory "%D/.ssh2"
SyslogFacility AUTH
Ssh1Compatibility yes
AllowSHosts euler hiparco newton galileu lana
IgnoreRhosts yes
IgnoreRootRHosts yes
RequireReverseMapping no
UserKnownHosts no
MaxBroadcastsPerSecond 1
subsystem-sftp sftp-server
#==================================================================
and "/etc/shosts.equiv" files look like
#==============
euler
hiparco
newton
galileu
lana
#==============
This way I hope to be able to give control only to the superuser
about which machines are allowed to log in.
Nevertheless, independent of the contents of "/etc/shosts.equiv" or
"AllowSHosts", users from euler, hiparco, newton, galileu or lana
can always log in to or from any of these machines. For instance,
if I remove "hiparco" from "shosts.equiv" or from "AllowSHosts", any
user can still be authenticated when logging in from "hiparco", and no
password is asked.
Is the information in "/etc/shosts.equiv" and in AllowSHosts just
being ignored by ssh? By the way, "DenyShosts" doesn't seem to work either.
Alex Schmidt