Could someone please look at my problem and tell me
if I'm doing something totally ludicrous or not.


I have a single gateway machine for remote users (B) on
which I'm using passwd and public key authentication.
From there I'm trying to ssh2 to an internal machine
using what I'm hoping to be hostbased authentication
plus passwd (C).


My remote is A, the gateway B and the internal machine
C. B&C are Linux and A an NT workstation. I'm working
fine going from A to B. Going from B to C is the
problem.


I'll ssh2 from machine A to B. Once I'm logged into
machine B I then try to ssh2 to machine C. Am I wrong
in this, or can I go directly to machine C but still
use the B machine, like a statement "ssh2 to C via B",
and have it prompt me for two passwords, one for B and
one for C?


I've been copying over the hostkey.pub from machine B
to C in /etc/ssh2/knownhosts. I've copied it as
B.domain.ssh-dss.pub; that didn't work, so I copied it
as B.ssh-dss.pub, and I've copied this file as
itself (hostkey.pub), all to no avail.


The hostkey.pub file is the same on both B and C; see
checksums:
[root@B ssh2]# sum hostkey.pub
45376     1


[root@C knownhosts]# sum *
45376     1 B.rlg.org.ssh-dss.pub
45376     1 B.ssh-dss.pub
45376     1 hostkey.pub


On machine B I created ~/.shosts with an entry of
"B.domain      user". It's owned by user and has 0400
mode.
Example:
[user@B user]$ ls -l .shosts
-r--------    1 user      user            14 Nov 21 10:58 .shosts



[user@B user]$ cat .shosts
B                 user



Here's a copy of the sshd2_config file and following
that a verbose log of sshd2 on machine C.
[root@C knownhosts]# cat /etc/ssh2/sshd2_config
# sshd2_config
# SSH 2.0 Server Configuration File


*:
        Port                            22
        ListenAddress                   0.0.0.0
        Ciphers                         AnyStd
#       Ciphers                         AnyCipher
#       Ciphers                         AnyStdCipher
#       Ciphers                         3des
        IdentityFile                    identification
        AuthorizationFile               authorization
        HostKeyFile                     hostkey
        PublicHostKeyFile               hostkey.pub
        RandomSeedFile                  random_seed
        ForwardAgent                    yes
        ForwardX11                      yes
# DEPRECATED    PasswordAuthentication          yes
        PasswordGuesses                 3
#       MaxConnections                  50
# 0 == number of connections not limited
        MaxConnections                  0
#       PermitRootLogin                 nopwd
        PermitRootLogin                 no
# DEPRECATED    PubkeyAuthentication            yes
#       AllowedAuthentications          publickey,password,hostbased
#       AllowedAuthentications          password,hostbased
        AllowedAuthentications          hostbased,password
#       RequiredAuthentications         publickey,password
#       RequiredAuthentications         password,hostbased
        RequiredAuthentications         hostbased,password
        ForcePTTYAllocation             no
        VerboseMode                     yes
        PrintMotd                       yes
        CheckMail                       yes
        UserConfigDirectory             "%D/.ssh2"
#       UserConfigDirectory             "/etc/ssh2/auth/%U"
        SyslogFacility                  AUTH
#       SyslogFacility                  LOCAL7
        Ssh1Compatibility               yes
#       Sshd1Path                       <set by configure>
#       AllowHosts                      localhost
#       DenyHosts                       evil.org, aol.com
#       AllowSHosts                     localhost
#       DenySHosts                      not.quite.trusted.org
#       NoDelay                         yes


#       KeepAlive                       yes
        RequireReverseMapping           yes
        UserKnownHosts                  yes
DefaultDomain rlg.org
IgnoreRhosts    no
# subsystem definitions


        subsystem-sftp                  sftp-server


___________________________________________________
sshd2 -v
WARNING: Development-time debugging not compiled in.
WARNING: To enable, configure with --enable-debug and recompile.
WARNING: Development-time debugging not compiled in.
WARNING: To enable, configure with --enable-debug and recompile.
WARNING: Unrecognized configuration parameter defaultdomain
WARNING: Development-time debugging not compiled in.
WARNING: To enable, configure with --enable-debug and recompile.
debug: Reading private host key from /etc/ssh2/hostkey
debug: Key comment: 1024-bit dsa hostkey
debug: SshUnixConfig/sshunixconfig.c:270/ssh_server_load_host_key: Reading public host key from: /etc/ssh2/hostkey.pub
debug: Becoming server.
debug: Creating listener
debug: Listener created
sshd2[29447]: Listener created on port 22.
sshd2[29447]: Daemon is running.
debug: Running event loop
sshd2[29447]: connection from "xxx.xxx.xxx.xxx (C's IP address)"
debug: Sshd2/sshd2.c:653/new_connection_callback: Wrapping stream with ssh_server_wrap...
debug: ssh_server_wrap: creating transport protocol
debug: ssh_server_wrap: creating userauth protocol
debug: Sshd2/sshd2.c:663/new_connection_callback: done.
debug: new_connection_callback returning
sshd2[29447]: User users's local password accepted.
sshd2[29447]: Password authentication for user user accepted.
sshd2[29447]: Remote host disconnected: No further authentication methods available.
sshd2[29447]: disconnected by application: 'No further authentication methods available.'
debug: Exiting event loop
_______________________________________________________________________
And finally the ssh2 error message from machine B.


[user@B user]$ ssh2 C
user's password:
warning: Authentication failed.
Disconnected; no more authentication methods available (No further authentication methods available.).


This always ends sshd2 on machine C as well.


Any help you can give me would be greatly appreciated.


Roy


Research Libraries Group
Mountain View CA
___________________________________
If we don't change our basic perceptions
of life, as a species we will perish in
servitude to institutional greed.
Please read Vote or Die at
www.thirdparty.dhs.org
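
Added example, not part of the original message: a short Python check that compares the active RequiredAuthentications line in the posted sshd2_config with the methods the posted sshd2 log records as accepted. The config excerpt and log lines are copied from the message; the log pattern for methods other than password, and treating the last uncommented line as the active one, are assumptions.

```python
import re

# Excerpt of the sshd2_config posted above (wrapped lines rejoined).
CONFIG = """\
*:
#       AllowedAuthentications          password,hostbased
        AllowedAuthentications          hostbased,password
#       RequiredAuthentications         publickey,password
        RequiredAuthentications         hostbased,password
        PermitRootLogin                 no
"""

# Server log lines copied from the sshd2 -v output above.
LOG = """\
sshd2[29447]: User users's local password accepted.
sshd2[29447]: Password authentication for user user accepted.
sshd2[29447]: Remote host disconnected: No further authentication methods available.
"""

# Assumption: every method logs acceptance in the same shape as the
# "Password authentication for user ... accepted." line on the page.
ACCEPTED = re.compile(r"(\w+) authentication for user (\S+) accepted", re.I)


def active_setting(config_text, key):
    """Return the value list of the last uncommented `key` line, or []."""
    value = []
    for line in config_text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop commented-out text
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == key.lower():
            value = [m.strip().lower() for m in parts[1].split(",") if m.strip()]
    return value


def accepted_methods(log_text, user):
    """Return the set of methods the log shows as accepted for `user`."""
    return {m.group(1).lower() for m in ACCEPTED.finditer(log_text)
            if m.group(2) == user}


def missing_required(config_text, log_text, user):
    """Required methods that never show up as accepted in the log."""
    done = accepted_methods(log_text, user)
    return [m for m in active_setting(config_text, "RequiredAuthentications")
            if m not in done]


if __name__ == "__main__":
    print("required:", active_setting(CONFIG, "RequiredAuthentications"))
    print("accepted:", sorted(accepted_methods(LOG, "user")))
    print("missing :", missing_required(CONFIG, LOG, "user"))
```
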



