You don't say whether you are behind a firewall or not.  Anyway, the problem is 
RHosts/SHosts style authentication is disabled unless the originating port on 
the client is below 1024.  Either the ssh command is NOT suid on the client, you 
are behind a firewall, or MacOS X doesn't care about the privileged ports.  I 
would be surprised if the latter since it is Mach/BSD Kernel based.

As for one, check the ssh binary on the MacOS X machine and make sure it is 
suid.  If ls -l ssh doesn't show -rwsr-xr-x (or something close, the s is the 
important one though) then it isn't and you need to chmod u+s ssh.  If it is and 
you are behind a firewall, you need to or the admin of the firewall needs to 
configure things so connections to port 22 on remote hosts get remapped to below 
1024.   You could also check and only do the remap if the source machine port 
number is below 1024.

Personally, I'd say bag it and look at RSAAuthentication instead.  

Anyway, hope some of this helps.

        --Dave
        
>Mime-Version: 1.0
>X-Sender: [EMAIL PROTECTED] (Unverified)
>Date: Fri, 6 Jul 2001 18:05:41 +0200
>To: SSH list <[EMAIL PROTECTED]>
>From: Jean Richelle <[EMAIL PROTECTED]>
>Subject: rhosts authen problem with openSSH
>Content-Transfer-Encoding: 8bit
>X-MIME-Autoconverted: from quoted-printable to 8bit by mail.clinet.fi id TAA04832
>
>Hello,
>
>I already posted a first question here.  Now I shall give the debug trace ...
>
>The rhosts authentication is refused - I'm running under Mac OSX 
>with openSSH.
>
>On client: ssh -v localhost
>
>OpenSSH_2.9p1, SSH protocols 1.5/2.0, OpenSSL 0x0090581f
>debug1: Reading configuration data /Users/jean/.ssh/config
>debug1: Applying options for *
>debug1: Reading configuration data /etc/ssh_config
>debug1: Applying options for *
>debug1: Seeded RNG with 25 bytes from programs
>debug1: Seeded RNG with 3 bytes from system calls
>debug1: Rhosts Authentication disabled, originating port will not be trusted.
>debug1: restore_uid
>
>
>/etc/ssh_config and ~/.ssh/config
>
>Host *
>    RHostsAuthentication yes
>    RhostsRSAAuthentication yes
>    RSAAuthentication yes
>    Port 22
>
>
>~/.rhosts
>
>localhost
>127.0.0.1
>
>On server side (same machine):
>/usr/sbin/sshd -d
>
>debug1: Seeded RNG with 24 bytes from programs
>debug1: Seeded RNG with 3 bytes from system calls
>debug1: sshd version OpenSSH_2.9p1
>debug1: private host key: #0 type 0 RSA1
>debug1: read PEM private key done: type RSA
>debug1: private host key: #1 type 1 RSA
>debug1: read PEM private key done: type DSA
>debug1: private host key: #2 type 2 DSA
>debug1: Bind to port 22 on 0.0.0.0.
>Server listening on 0.0.0.0 port 22.
>socket: Protocol not supported
>Generating 768 bit RSA key.
>RSA key generation complete.
>debug1: Server will not fork when running in debugging mode.
>Connection from 127.0.0.1 port 49237
>debug1: Client protocol version 2.0; client software version OpenSSH_2.9p1
>debug1: match: OpenSSH_2.9p1 pat ^OpenSSH
>Enabling compatibility mode for protocol 2.0
>debug1: Local version string SSH-1.99-OpenSSH_2.9p1
>debug1: Rhosts Authentication disabled, originating port not trusted.
>debug1: list_hostkey_types: ssh-rsa,ssh-dss
>debug1: SSH2_MSG_KEXINIT sent
>debug1: SSH2_MSG_KEXINIT received
>debug1: kex: client->server aes128-cbc hmac-md5 none
>debug1: kex: server->client aes128-cbc hmac-md5 none
>
>
>/etc/sshd_config
>
>Port 22
>HostKey /etc/ssh_host_key
>HostKey /etc/ssh_host_rsa_key
>HostKey /etc/ssh_host_dsa_key
>ServerKeyBits 768
>LoginGraceTime 600
>KeyRegenerationInterval 3600
>PermitRootLogin yes
>IgnoreRhosts no
>StrictModes yes
>X11Forwarding no
>X11DisplayOffset 10
>PrintMotd yes
>KeepAlive yes
>SyslogFacility AUTH
>LogLevel INFO
>RHostsAuthentication yes
>RhostsRSAAuthentication yes
>HostbasedAuthentication yes
>RSAAuthentication yes
>PasswordAuthentication yes
>PermitEmptyPasswords no
>_____________________________________________________________________________
>Jean Richelle <[EMAIL PROTECTED]>
>Service de Conformation des Macromolécules Biologiques   Tel: +32 02 650 3587
>et de Bioinformatique - Université libre de Bruxelles    FAX: +32 02 648 8954
>av. F.D. Roosevelt 50 - CP160/16, B-1050 Bruxelles, Belgium
>_____________________________________________________________________________

--
David Knight French                           
Black Mountain Computer Consulting
Voice: (858)573-2959
Email: [EMAIL PROTECTED]
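
The two checks from the reply above (is the client ssh binary setuid, and did the connection come from a port below 1024), as an added shell example that is not part of the original thread. The function names are hypothetical, and the sample trace is the two relevant sshd -d lines quoted in the message.

```shell
#!/bin/sh
# Added example: diagnose a refused rhosts authentication from an sshd -d trace.

# Privileged (reserved) ports are 1..1023; only root can bind them.
port_is_privileged() {
    [ "$1" -gt 0 ] 2>/dev/null && [ "$1" -lt 1024 ]
}

# True if the file exists and carries the set-user-ID bit (the "s" in -rwsr-xr-x).
is_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# Read an sshd -d trace on stdin and print the client's source port.
source_port_from_trace() {
    sed -n 's/^Connection from [^ ]* port \([0-9][0-9]*\).*$/\1/p' | head -n 1
}

# $1 = path to the client ssh binary; trace on stdin. Prints one verdict word.
diagnose() {
    port=$(source_port_from_trace)
    if [ -z "$port" ]; then
        echo "no-connection-line"
    elif port_is_privileged "$port"; then
        echo "port-ok"                 # source port is trusted, look elsewhere
    elif is_setuid "$1"; then
        echo "check-firewall-or-nat"   # suid client, yet port arrived >= 1024
    else
        echo "client-not-suid"         # client cannot bind a port below 1024
    fi
}

# Lines taken from the server trace quoted in the thread.
SAMPLE_TRACE='Connection from 127.0.0.1 port 49237
debug1: Rhosts Authentication disabled, originating port not trusted.'

# Demo: run the diagnosis against the local ssh client, if one is installed.
SSH_BIN=$(command -v ssh || echo /usr/bin/ssh)
printf '%s\n' "$SAMPLE_TRACE" | diagnose "$SSH_BIN"
```
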
