Date: Wed, 14 Feb 2001 11:01:40 -0200 (EDT)
From: Paulo Fragoso
To: freebsd-security@freebsd.org
Subject: SSH2 host auth

Hi,

We were using ssh1 protocol with host based authentication. We've upgraded all sshd to use ssh2 protocol (SSH-2.0-OpenSSH_2.2.0) but we can't establish host based authentication.

On server side we have created some files:

/etc/ssh/ssh_known_hosts2
    we have put public key from client using same format found in ~/.ssh/known_hosts2

/etc/ssh/shosts.equiv
/etc/shosts.equiv
/etc/hosts.equiv
    we have put the hostname for client

On the client machine we are trying to connect without a password, but it always asks for it.

We're new to the SSH 2 protocol and we can't find a HOW TO for configuring host based authentication. We have read the man pages for sshd and we can't find any solution for this problem (guess).

Can anyone help us?

We can't find any information (guess) in the sshd debug output:

debug: sshd version OpenSSH_2.2.0
debug: read DSA private key done
debug: Bind to port 22 on ::.
Server listening on :: port 22.
debug: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug: Server will not fork when running in debugging mode.
Connection from mirage.nlink.com.br port 3207
Connection from CCC.CCC.CCC.CCC port 3207
debug: Client protocol version 2.0; client software version OpenSSH_2.2.0
Enabling compatibility mode for protocol 2.0
debug: Local version string SSH-2.0-OpenSSH_2.2.0
debug: send KEXINIT
debug: done
debug: wait KEXINIT
debug: got kexinit: diffie-hellman-group1-sha1
debug: got kexinit: ssh-dss
debug: got kexinit: 3des-cbc,blowfish-cbc,arcfour,cast128-cbc
debug: got kexinit: 3des-cbc,blowfish-cbc,arcfour,cast128-cbc
debug: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160@openssh.com
debug: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160@openssh.com
debug: got kexinit: none
debug: got kexinit: none
debug: got kexinit:
debug: got kexinit:
debug: first kex follow: 0
debug: reserved: 0
debug: done
debug: kex: client->server 3des-cbc hmac-sha1 none
debug: kex: server->client 3des-cbc hmac-sha1 none
debug: Wait SSH2_MSG_KEXDH_INIT.
debug: bits set: 531/1024
debug: bits set: 519/1024
debug: sig size 20 20
debug: send SSH2_MSG_NEWKEYS.
debug: done: send SSH2_MSG_NEWKEYS.
debug: Wait SSH2_MSG_NEWKEYS.
debug: GOT SSH2_MSG_NEWKEYS.
debug: done: KEX2.
debug: userauth-request for user paulo service ssh-connection method none
Failed none for paulo from CCC.CCC.CCC.CCC port 3207 ssh2
Connection closed by CCC.CCC.CCC.CCC
debug: Calling cleanup 0x805b8ec(0x0)

Paulo Fragoso.

--
   __O
 _-\<,_     Why drive when you can bike?
(_)/ (_)