Hi Roy,
It looks like your problem is in your permissions:
> sshd2[16663]: hostbased-authentication (rhosts) refused for rlh: bad
> ownership or modes for home directory.
> hostbased-authentication (rhosts) refused for rlh: bad ownership or modes
> for home directory.
Make sure your home directory and your .shosts file are not group or world writable.
Also, make sure rlh owes those files and directories.
-Anne
On Wed, Jan 10, 2001 at 04:23:46PM -0800, Roy wrote:
> I'm trying to do host based authentication from one linux box to another.
>
> Here is the output of the server/remote side and what follows it is the
> output of the local/client side.
>
> I have gone over and over this thing infinitum.. help.
>
>
> Thanks
>
> Roy
>
> REMOTE/SERVER
>
> WARNING: Development-time debugging not compiled in.
> WARNING: To enable, configure with --enable-debug and recompile.
> WARNING: Development-time debugging not compiled in.
> WARNING: To enable, configure with --enable-debug and recompile.
> WARNING: Development-time debugging not compiled in.
> WARNING: To enable, configure with --enable-debug and recompile.
> debug: Reading private host key from /etc/ssh2/hostkey
> debug: Key comment: 1024-bit dsa hostkey
> debug: SshUnixConfig/sshunixconfig.c:270/ssh_server_load_host_key: Reading
> public host key from: /etc/ssh2/hostkey.pub
> debug: Becoming server.
> debug: Creating listener
> debug: Listener created
> sshd2[16663]: Listener created on port 22.
> sshd2[16663]: Daemon is running.
> debug: Running event loop
> sshd2[16663]: connection from "204.161.104.83"
> debug: Sshd2/sshd2.c:653/new_connection_callback: Wrapping stream with
> ssh_server_wrap...
> debug: ssh_server_wrap: creating transport protocol
> debug: ssh_server_wrap: creating userauth protocol
> debug: Sshd2/sshd2.c:663/new_connection_callback: done.
> debug: new_connection_callback returning
> sshd2[16663]: hostbased-authentication (rhosts) refused for rlh: bad
> ownership or modes for home directory.
> debug:
>
>Ssh2AuthHostBasedRhosts/auths-hostbased-rhosts.c:357/ssh_server_auth_hostbased_rhosts:
>
> hostbased-authentication (rhosts) refused for rlh: bad ownership or modes
> for home directory.
> debug: ssh_sigchld_real_callback
> sshd2[16663]: Remote host disconnected: Authentication method disabled.
> (user 'rlh', client address '204.161.104.83:4185', requested service
> 'ssh-connection')
> sshd2[16663]: User authentication failed: 'Authentication method disabled.
> (user 'rlh', client address '204.161.104.83:4185', requested service
> 'ssh-connection')'
> debug: Exiting event loop
>
>
>
>
>
> LOCAL/CLIENT
> debug: entering event loop
> debug: ssh_client_wrap: creating transport protocol
> debug:
> SshAuthMethodClient/sshauthmethodc.c:105/ssh_client_authentication_initialize:
> Added "publickey" to usable methods.
> debug:
> SshAuthMethodClient/sshauthmethodc.c:105/ssh_client_authentication_initialize:
> Added "password" to usable methods.
> debug:
> SshAuthMethodClient/sshauthmethodc.c:105/ssh_client_authentication_initialize:
> Added "hostbased" to usable methods.
> debug: Ssh2Client/sshclient.c:1104/ssh_client_wrap: creating userauth protocol
> debug: Ssh2Common/sshcommon.c:487/ssh_common_wrap: local ip =
> 204.161.104.83, local port = 4185
> debug: Ssh2Common/sshcommon.c:489/ssh_common_wrap: remote ip =
> 204.161.104.80, remote port = 22
> debug: SshConnection/sshconn.c:1853/ssh_conn_wrap: Wrapping...
> debug: Ssh2Transport/trcommon.c:593/ssh_tr_input_version: Remote version:
> SSH-2.0-2.0.13 (non-commercial)
> debug: Ssh2Transport/trcommon.c:688/ssh_tr_input_version: Remote version
> has service accept message draft incompatibility bug.
> debug: Ssh2Transport/trcommon.c:692/ssh_tr_input_version: Remote version
> has publickey service name draft incompatibility bug.
> debug: Ssh2Transport/trcommon.c:696/ssh_tr_input_version: Remote version
> has X11 channel open draft incompatibility bug.
> debug: Ssh2Transport/trcommon.c:701/ssh_tr_input_version: Remote version
> has SSH_MSG_CHANNEL_OPEN_FAILURE draft incompatibility bug.
> debug: Ssh2Transport/trcommon.c:706/ssh_tr_input_version: Remote version
> has SSH_MSG_USERAUTH_PK_OK draft incompatibility bug.
> debug: Ssh2Transport/trcommon.c:728/ssh_tr_input_version: Remote version
> has hostbased service name draft incompatibility bug.
> debug: Ssh2Transport/trcommon.c:732/ssh_tr_input_version: Remote version
> has publickey session_id encoding draft incompatibility bug.
> debug: Ssh2Transport/trcommon.c:736/ssh_tr_input_version: Remote version
> has malformed signatures draft incompatibility bug.
> debug: Ssh2Transport/trcommon.c:740/ssh_tr_input_version: Remote version
> uses deprecated disconnect codes
> debug: Ssh2Transport/trcommon.c:1068/ssh_tr_negotiate: c_to_s: cipher
> 3des-cbc, mac hmac-md5, compression none
> debug: Ssh2Transport/trcommon.c:1071/ssh_tr_negotiate: s_to_c: cipher
> 3des-cbc, mac hmac-md5, compression none
> debug: Ssh2Client/sshclient.c:399/keycheck_key_match: Host key found from
> database.
> debug: Ssh2Common/sshcommon.c:297/ssh_common_special: Received
> SSH_CROSS_STARTUP packet from connection protocol.
> debug: Ssh2Common/sshcommon.c:347/ssh_common_special: Received
> SSH_CROSS_ALGORITHMS packet from connection protocol.
> debug:
> Ssh2AuthHostBasedClient/authc-hostbased.c:108/hostbased_send_compat_flags:
> Compat flags: "requested-service-name,signature-encoding"
> debug:
> Ssh2AuthHostBasedClient/authc-hostbased.c:597/ssh_client_auth_hostbased:
> Child: Execing ssh-signer...(path: ssh-signer2)
> debug:
> Ssh2AuthHostBasedClient/authc-hostbased.c:325/auth_hostbased_received_packet:
> ssh-signer returned SSH_AUTH_HOSTBASED_SIGNATURE
> debug: ssh_pipe_stream_destroy
> debug: ssh_sigchld_real_callback
> debug: ssh_sigchld_process_pid: no handler for pid 13838 code 0
> debug: Ssh2Common/sshcommon.c:132/ssh_common_disconnect: DISCONNECT
> received: Authentication method disabled.
> warning: Authentication failed.
> debug: Ssh2/ssh2.c:78/client_disconnect: locally_generated = FALSE
> debug: Ssh2/ssh2.c:173/client_disconnect: Received disconnection reason
> code 12, which does not conform with the draft.
> Disconnected; authentication error (Authentication method disabled.).
> debug: uninitializing event loop
>
-------------------------------------------------------------------------
Anne Carasik | The 4th Division of Paperclips has
Principal Security Consultant | overrun the Pushpin Infantry and
SSH Communications Security, Inc. | General White-Out has called for
Email: [EMAIL PROTECTED] | a new skirmish.
-------------------------------------------------------------------------
PGP Key fingerprint = DA01 3999 6A1C 8124 7EA1 345F 4313 736C 1849 1F98
-------------------------------------------------------------------------
Unless stated otherwise above, the opinions expressed herein are my own,
not of my employer.
