Date: Sat, 3 Mar 2001 15:16:46 -0800 From: "Crist J. Clark" <cjclark@reflexnet.net> To: John Polstra <jdp@polstra.com> Cc: stable@FreeBSD.ORG Subject: Re: Is RhostsRSAAuthentication broken? Message-ID: <20010303151646.N89396@rfx-216-196-73-168.users.reflex> In-Reply-To: <XFMail.010303133807.jdp@polstra.com>; from jdp@polstra.com on Sat, Mar 03, 2001 at 01:38:07PM -0800 References: <XFMail.010303133807.jdp@polstra.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Mar 03, 2001 at 01:38:07PM -0800, John Polstra wrote: > Is ssh's RhostsRSAAuthentication using the ~/.shosts file broken in > -stable? On the server, OpenSSH on a FreeBSD-stable machine from Jan > 30, /etc/ssh/sshd_config contains: > > IgnoreRhosts no > IgnoreUserKnownHosts no > RhostsRSAAuthentication yes > > and the ~/.shosts file is set up correctly for the host+user that > wants to connect. Also, I have the client's public host key (RSA) in > both ~/.ssh/known_hosts and /etc/ssh/ssh_known_hosts on the server > machine. > > On the client side, ~/.ssh/config contains: > > Host server.example.com > RhostsRSAAuthentication yes > > When the client is OpenSSH on a FreeBSD-stable machine, "slogin -v > server.example.com" shows no attempt at all by the client to use > RhostsRSAAuthentication. Is /usr/bin/ssh setuid root on the client? It no longer is by default. Do it by hand or enable, # To enable installing ssh(1) with the setuid bit turned on ENABLE_SUID_SSH= true In your /etc/make.conf. > When the client is ssh-1.2.27, "slogin -v server.example.com" says: > > Remote: Accepted by .shosts. > Remote: Your host key cannot be verified: unknown or invalid host key. Looks like a key problem, probably a separate issue. -- Crist J. Clark cjclark@alum.mit.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010303151646.N89396>