Date: Fri, 08 Jun 2001 07:47:03 -0700
From: "Misha Kamushkin" <mishson@hotmail.com>
To: freebsd-security@freebsd.org
Subject: openssh auth. problem
Message-ID: <F4adTMVwVn20lbhsKd600005da3@hotmail.com>

hello,

i think i tried everything under the sun to get this to work but with no results. i need to get ssh to work without prompting me for a password. i created id_dsa and id_dsa.pub with ssh-keygen. then i exported the key with ssh-keygen -x. after that i copied the exported key to my server and renamed it known_hosts2 and i also tried athorized_keys2. i have enabled hostbasedauthentication on both client and server config files.

here's client conf file:

    [root@ber ssh2]# cat ssh_config
    Host 1.1.1.1
    ForwardAgent no
    ForwardX11 yes
    HostbasedAuthentication yes
    PreferredAuthentications hostbased,password
    # RhostsAuthentication no
    RhostsRSAAuthentication yes
    # RSAAuthentication yes
    # PasswordAuthentication yes
    FallBackToRsh no
    # UseRsh no
    # BatchMode no
    # CheckHostIP yes
    # StrictHostKeyChecking yes
    # IdentityFile ~/.ssh/known_hosts2
    IdentityFile ~/.ssh/id_dsa
    # IdentityFile ~/.ssh/id_rsa
    Port 22
    Protocol 2
    Cipher blowfish
    # EscapeChar ~

here's server config file:

    [root@lit ssh2]# cat sshd_config
    Port 22
    Protocol 2
    #ListenAddress 0.0.0.0
    #ListenAddress ::
    HostKey /etc/ssh2/ssh_host_key
    HostKey /etc/ssh2/ssh_host_rsa_key
    HostKey /etc/ssh2/ssh_host_dsa_key
    ServerKeyBits 768
    LoginGraceTime 600
    KeyRegenerationInterval 3600
    PermitRootLogin yes
    #
    # Don't read ~/.rhosts and ~/.shosts files
    IgnoreRhosts yes
    # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
    #IgnoreUserKnownHosts yes
    StrictModes yes
    X11Forwarding no
    X11DisplayOffset 10
    PrintMotd yes
    #PrintLastLog no
    KeepAlive yes
    # Logging
    SyslogFacility AUTH
    LogLevel INFO
    #obsoletes QuietMode and FascistLogging
    RhostsAuthentication no
    #
    # For this to work you will also need host keys in /etc/ssh2/ssh_known_hosts
    #RhostsRSAAuthentication yes
    # similar for protocol version 2
    HostbasedAuthentication yes
    #
    RSAAuthentication yes
    # To disable tunneled clear text passwords, change to no here!
    PasswordAuthentication yes
    PermitEmptyPasswords yes
    # Uncomment to disable s/key passwords
    #ChallengeResponseAuthentication no
    # Uncomment to enable PAM keyboard-interactive authentication
    # Warning: enabling this may bypass the setting of 'PasswordAuthentication'
    #PAMAuthenticationViaKbdInt yes
    # To change Kerberos options
    #KerberosAuthentication no
    #KerberosOrLocalPasswd yes
    #AFSTokenPassing no
    #KerberosTicketCleanup no
    # Kerberos TGT Passing does only work with the AFS kaserver
    #KerberosTgtPassing yes
    #CheckMail yes
    #UseLogin no
    #MaxStartups 10:30:60
    #Banner /etc/issue.net
    #ReverseMappingCheck yes
    Subsystem sftp /usr/local//libexec/sftp-server

here's the output:

    [root@ber ssh2]# ssh 2.2.2.2 -v
    OpenSSH_2.9p1, SSH protocols 1.5/2.0, OpenSSL 0x0090581f
    debug1: Reading configuration data /etc/ssh2/ssh_config
    debug1: Seeding random number generator
    debug1: Rhosts Authentication disabled, originating port will not be trusted.
    debug1: restore_uid
    debug1: ssh_connect: getuid 0 geteuid 0 anon 1
    debug1: Connecting to 2.2.2.2 [2.2.2.2] port 22.
    debug1: temporarily_use_uid: 0/0 (e=0)
    debug1: restore_uid
    debug1: temporarily_use_uid: 0/0 (e=0)
    debug1: restore_uid
    debug1: Connection established.
    debug1: read PEM private key done: type DSA
    debug1: read PEM private key done: type RSA
    debug1: identity file /root/.ssh/identity type -1
    debug1: identity file /root/.ssh/id_rsa type -1
    debug1: identity file /root/.ssh/id_dsa type 2
    debug1: Remote protocol version 2.0, remote software version OpenSSH_2.9p1
    debug1: match: OpenSSH_2.9p1 pat ^OpenSSH
    Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_2.9p1
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: dh_gen_key: priv key bits set: 137/256
    debug1: bits set: 1039/2049
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Host '2.2.2.2' is known and matches the RSA host key.
    debug1: Found key in /root/.ssh/known_hosts2:1
    debug1: bits set: 1022/2049
    debug1: ssh_rsa_verify: signature correct
    debug1: kex_derive_keys
    debug1: newkeys: mode 1
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: waiting for SSH2_MSG_NEWKEYS
    debug1: newkeys: mode 0
    debug1: SSH2_MSG_NEWKEYS received
    debug1: done: ssh_kex2.
    debug1: send SSH2_MSG_SERVICE_REQUEST
    debug1: service_accept: ssh-userauth
    debug1: got SSH2_MSG_SERVICE_ACCEPT
    debug1: authentications that can continue: publickey,password,keyboard-interactive,hostbased
    debug1: next auth method to try is publickey
    debug1: try privkey: /root/.ssh/identity
    debug1: try privkey: /root/.ssh/id_rsa
    debug1: try pubkey: /root/.ssh/id_dsa
    debug1: authentications that can continue: publickey,password,keyboard-interactive,hostbased
    debug1: next auth method to try is password
    root@2.2.2.2's password:

what am i doing wrong? can somebody bring some light on this? what's the correct step by step configuration?

thanks in advance.
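
An added example, not part of the original message: a small Python parser for the user-authentication phase of an `ssh -v` trace in the debug format shown above, reporting which methods the server offered, which the client attempted, and which preferred methods were never attempted. The function name `summarize_auth` and its `preferred` parameter are assumptions of this example; the sample lines are the authentication-phase lines of the trace in the message.

```python
import re

# Authentication-phase lines copied from the `ssh -v` trace in the message.
SAMPLE = """\
debug1: authentications that can continue: publickey,password,keyboard-interactive,hostbased
debug1: next auth method to try is publickey
debug1: try privkey: /root/.ssh/identity
debug1: try privkey: /root/.ssh/id_rsa
debug1: try pubkey: /root/.ssh/id_dsa
debug1: authentications that can continue: publickey,password,keyboard-interactive,hostbased
debug1: next auth method to try is password
"""

OFFERED = re.compile(r"^debug1: authentications that can continue: (\S+)")
NEXT = re.compile(r"^debug1: next auth method to try is (\S+)")
KEY = re.compile(r"^debug1: try (privkey|pubkey): (\S+)")


def summarize_auth(trace, preferred=()):
    """Summarize the userauth phase of an `ssh -v` trace.

    `preferred` is the client's PreferredAuthentications list (hypothetical
    parameter of this example). Methods in it that the server offered but
    the client never attempted are returned under "skipped".
    """
    offered, attempted, keys = [], [], []
    for line in trace.splitlines():
        line = line.strip()
        if m := OFFERED.match(line):
            offered = m.group(1).split(",")    # keep the server's latest list
        elif m := NEXT.match(line):
            if m.group(1) not in attempted:
                attempted.append(m.group(1))   # order of first attempt
        elif m := KEY.match(line):
            keys.append((m.group(1), m.group(2)))
    skipped = [p for p in preferred if p in offered and p not in attempted]
    return {"offered": offered, "attempted": attempted,
            "keys": keys, "skipped": skipped}


if __name__ == "__main__":
    # The preferred list is the PreferredAuthentications value from ssh_config.
    report = summarize_auth(SAMPLE, preferred=["hostbased", "password"])
    for field, value in report.items():
        print(f"{field}: {value}")
```

Run against this trace with the `PreferredAuthentications hostbased,password` list from the posted ssh_config, the summary shows `hostbased` offered by the server but never attempted by the client, which went from `publickey` to `password`.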