I have successfully gotten ssh to work with non-root users in "BatchMode yes" but
can't get root to work at all (in Protocol 1 only. 2 doesn't work well). I compiled
sshd with libwrap support. I have created /etc/ssh/shosts.equiv. Here are some
settings from sshd_config:

Protocol 1
PermitRootLogin yes
IgnoreRhosts yes
IgnoreUserKnownHosts yes
RhostsAuthentication no
RhostsRSAAuthentication yes
HostbasedAuthentication yes
RSAAuthentication yes

Also some snips from ssh_config (gen is the hostname of the sshd server):

Host gen
BatchMode yes
RhostsAuthentication no
RhostsRSAAuthentication yes
HostbasedAuthentication yes

Output from sshd -d:

gen:/etc/ssh> /usr/local/sbin/sshd -d
debug1: Seeded RNG with 33 bytes from programs
debug1: Seeded RNG with 3 bytes from system calls
debug1: sshd version OpenSSH_2.9p1
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from 192.168.100.101 port 32910
debug1: Client protocol version 1.5; client software version OpenSSH_2.9p1
debug1: match: OpenSSH_2.9p1 pat ^OpenSSH
debug1: Local version string SSH-1.5-OpenSSH_2.9p1
debug1: Rhosts Authentication disabled, originating port not trusted.
debug1: Sent 768 bit server key and 1024 bit host key.
debug1: Encryption type: 3des
debug1: Received session key; encryption turned on.
debug1: Installing crc compensation attack detector.
debug1: Attempting authentication for root.
debug1: Trying rhosts with RSA host authentication for client user root
debug1: temporarily_use_uid: 0/1 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 0/1 (e=0)
debug1: restore_uid
Failed rhosts-rsa for ROOT from 192.168.100.101 port 32910 ruser root
Connection closed by 192.168.100.101
debug1: Calling cleanup 0x80835dc(0x0)
debug1: Calling cleanup 0x8088940(0x0)
debug1: writing PRNG seed to file /root/.ssh/prng_seed

Output from ssh -v:

ssh -v gen "cat /etc/passwd"
OpenSSH_2.9p1, SSH protocols 1.5/2.0, OpenSSL 0x0090601f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for gen
debug1: Applying options for *
debug1: Seeded RNG with 33 bytes from programs
debug1: Seeded RNG with 3 bytes from system calls
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 0 geteuid 0 anon 1
debug1: Connecting to gen [192.168.100.100] port 22.
debug1: temporarily_use_uid: 0/1 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 0/1 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 1.5, remote software version OpenSSH_2.9p1
debug1: match: OpenSSH_2.9p1 pat ^OpenSSH
debug1: Local version string SSH-1.5-OpenSSH_2.9p1
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (1024 bits).
debug1: Host 'gen' is known and matches the RSA1 host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: Encryption type: 3des
debug1: Sent encrypted session key.
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug1: Trying rhosts or /etc/hosts.equiv with RSA host authentication.
debug1: Server refused our rhosts authentication or host key.
Permission denied.
debug1: Calling cleanup 0x807f7a0(0x0)
debug1: Calling cleanup 0x8084b04(0x0)
debug1: writing PRNG seed to file /root/.ssh/prng_seed

Thanks for any help,
Ed.