I have a single gateway machine for remote users on which I'm using passwd 
and public key authentication. From there I'm trying to ssh2 to an internal 
machine using what I'm hoping to be hostbased authentication plus passwd.

My remote is A, the gateway B and the internal machine C. B and C are Linux 
and A is an NT workstation. I'm working fine going from A to B. Going from 
B to C is the problem.

I've been copying over the hostkey.pub from machine B to C in 
/etc/ssh2/knownhosts. I've copied it as B.domain.ssh-dss.pub; that didn't 
work, so I copied it as B.ssh-dss.pub, and I've also copied this file as 
itself (hostkey.pub), all to no avail.

The hostkey.pub file is the same on both B and C; see checksums:
[root@B ssh2]# sum hostkey.pub
45376     1

[root@C knownhosts]# sum *
45376     1 B.rlg.org.ssh-dss.pub
45376     1 B.ssh-dss.pub
45376     1 hostkey.pub

On machine B I created ~/.shosts with an entry of "B.domain      user". 
It's owned by user and has 0400 mode.
Example:
[user@B user]$ ls -l .shosts
-r--------    1 user      user            14 Nov 21 10:58 .shosts


[user@B user]$ cat .shosts
B                 user


Here's a copy of the sshd2_config file and following that a verbose log of 
sshd2 on machine C.
[root@C knownhosts]# cat /etc/ssh2/sshd2_config
# sshd2_config
# SSH 2.0 Server Configuration File

*:
         Port                            22
         ListenAddress                   0.0.0.0
         Ciphers                         AnyStd
#       Ciphers                         AnyCipher
#       Ciphers                         AnyStdCipher
#       Ciphers                         3des
         IdentityFile                    identification
         AuthorizationFile               authorization
         HostKeyFile                     hostkey
         PublicHostKeyFile               hostkey.pub
         RandomSeedFile                  random_seed
         ForwardAgent                    yes
         ForwardX11                      yes
# DEPRECATED    PasswordAuthentication          yes
         PasswordGuesses                 3
#       MaxConnections                  50
# 0 == number of connections not limited
         MaxConnections                  0
#       PermitRootLogin                 nopwd
         PermitRootLogin                 no
# DEPRECATED    PubkeyAuthentication            yes
#       AllowedAuthentications          publickey,password,hostbased
#       AllowedAuthentications          password,hostbased
         AllowedAuthentications          hostbased,password
#       RequiredAuthentications         publickey,password
#       RequiredAuthentications         password,hostbased
         RequiredAuthentications         hostbased,password
         ForcePTTYAllocation             no
         VerboseMode                     yes
         PrintMotd                       yes
         CheckMail                       yes
         UserConfigDirectory             "%D/.ssh2"
#       UserConfigDirectory             "/etc/ssh2/auth/%U"
         SyslogFacility                  AUTH
#       SyslogFacility                  LOCAL7
         Ssh1Compatibility               yes
#       Sshd1Path                       <set by configure>
#       AllowHosts                      localhost
#       DenyHosts                       evil.org, aol.com
#       AllowSHosts                     localhost
#       DenySHosts                      not.quite.trusted.org
#       NoDelay                         yes

#       KeepAlive                       yes
         RequireReverseMapping           yes
         UserKnownHosts                  yes
DefaultDomain rlg.org
IgnoreRhosts    no
# subsystem definitions

         subsystem-sftp                  sftp-server

___________________________________________________
sshd2 -v
WARNING: Development-time debugging not compiled in.
WARNING: To enable, configure with --enable-debug and recompile.
WARNING: Development-time debugging not compiled in.
WARNING: To enable, configure with --enable-debug and recompile.
WARNING: Unrecognized configuration parameter defaultdomain
WARNING: Development-time debugging not compiled in.
WARNING: To enable, configure with --enable-debug and recompile.
debug: Reading private host key from /etc/ssh2/hostkey
debug: Key comment: 1024-bit dsa hostkey
debug: SshUnixConfig/sshunixconfig.c:270/ssh_server_load_host_key: Reading 
public host key from: /etc/ssh2/hostkey.pub
debug: Becoming server.
debug: Creating listener
debug: Listener created
sshd2[29447]: Listener created on port 22.
sshd2[29447]: Daemon is running.
debug: Running event loop
sshd2[29447]: connection from "xxx.xxx.xxx.xxx (C's IP address)"
debug: Sshd2/sshd2.c:653/new_connection_callback: Wrapping stream with 
ssh_server_wrap...
debug: ssh_server_wrap: creating transport protocol
debug: ssh_server_wrap: creating userauth protocol
debug: Sshd2/sshd2.c:663/new_connection_callback: done.
debug: new_connection_callback returning
sshd2[29447]: User users's local password accepted.
sshd2[29447]: Password authentication for user user accepted.
sshd2[29447]: Remote host disconnected: No further authentication methods 
available.
sshd2[29447]: disconnected by application: 'No further authentication 
methods available.'
debug: Exiting event loop
_______________________________________________________________________
And finally the ssh2 error message from machine B.

[user@B user]$ ssh2 C
user's password:
warning: Authentication failed.
Disconnected; no more authentication methods available (No further 
authentication methods available.).

This always ends sshd2 on machine C as well.

Any help you can give me would be greatly appreciated.

Roy

Research Libraries Group
Mountain View CA
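
An added example, not part of the original post: a short Python triage that compares the active RequiredAuthentications setting with the methods the sshd2 log reports as accepted, and lists settings the daemon warned it did not recognize. The inline config and log are excerpts constructed from the text quoted above; the log wording for methods other than password is an assumption.

```python
import re

# Constructed excerpts of the sshd2_config and "sshd2 -v" output quoted in the post.
CONFIG = """\
*:
# DEPRECATED    PasswordAuthentication          yes
#       AllowedAuthentications          password,hostbased
         AllowedAuthentications          hostbased,password
#       RequiredAuthentications         password,hostbased
         RequiredAuthentications         hostbased,password
DefaultDomain rlg.org
IgnoreRhosts    no
"""
LOG = """\
WARNING: Unrecognized configuration parameter defaultdomain
sshd2[29447]: User users's local password accepted.
sshd2[29447]: Password authentication for user user accepted.
sshd2[29447]: Remote host disconnected: No further authentication methods available.
"""

def parse_config(text):
    """Return {lowercased key: value} for active (uncommented) settings."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, comments and section headers such as "*:".
        if not line or line.startswith("#") or line.endswith(":"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            settings[parts[0].lower()] = parts[1].strip()
    return settings

def triage(config_text, log_text):
    """Compare what the config requires with what the log shows was accepted."""
    cfg = parse_config(config_text)
    required = [m.strip().lower()
                for m in cfg.get("requiredauthentications", "").split(",") if m.strip()]
    # Assumption: each method logs "<Method> authentication for user <u> accepted."
    accepted = {m.lower() for m in
                re.findall(r"(\w+) authentication for user \S+ accepted", log_text)}
    unknown = re.findall(r"Unrecognized configuration parameter (\S+)", log_text)
    return {
        "required": required,
        "accepted": sorted(accepted),
        "missing": [m for m in required if m not in accepted],
        "ignored_settings": [p for p in unknown if p in cfg],
    }

if __name__ == "__main__":
    print(triage(CONFIG, LOG))
```
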
