From owner-ssh@clinet.fi Wed May 16 23:08:52 2001 Received: from smtp1.clinet.fi (smtp1.clinet.fi [194.100.2.57]) by hutcs.cs.hut.fi (8.9.3/8.9.3) with ESMTP id XAA14818 for ; Wed, 16 May 2001 23:08:52 +0300 (EET DST) Received: from mail.clinet.fi (mail.clinet.fi [194.100.0.7]) by smtp1.clinet.fi (Postfix) with ESMTP id 56A4C1F78B; Wed, 16 May 2001 23:08:45 +0300 (EEST) Received: (from majordom@localhost) by mail.clinet.fi (8.9.3/8.9.3) id WAA24227 for ssh-outgoing; Wed, 16 May 2001 22:23:41 +0300 Received: from father.chem.ubc.ca (father.chem.ubc.ca [137.82.7.63]) by mail.clinet.fi (8.9.3/8.9.3) with ESMTP id WAA24221 for ; Wed, 16 May 2001 22:23:39 +0300 Received: from chem.ubc.ca (jason.chem.ubc.ca [137.82.7.8]) by father.chem.ubc.ca (8.11.3/8.11.3) with ESMTP id f4GJMvi24149; Wed, 16 May 2001 12:22:58 -0700 Message-ID: <3B027144.CCC8077D@chem.ubc.ca> Date: Wed, 16 May 2001 12:23:33 +0000 From: Jason Gozjolko Reply-To: jason@chem.ubc.ca X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3-20mdk i686) X-Accept-Language: en MIME-Version: 1.0 To: ssh@clinet.fi Subject: rhost authentication problem from particular machine Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ssh@clinet.fi Precedence: bulk Hello, I have installed openSSH 2.9p.1 on 5 IBM machines running AIX 4.2.x. They all have the exact same ssh_known_hosts, .rhosts, sshd_config, and ssh_config files one them (ftp transfer) and no .ssh/known_host file on any of the machines. I am trying to ssh using RhostsRSAAuthentication from machineA to the other 4 of them. Two of them work like they should, but two are complaining and insist on password authentication. I am using protocol 1 in this situation because of internal issues. Here is the verbose output from the complaining machine (machines that are complaining have the same output) [IP names and addresses have been altered for protection]: root@machineA/~<106# ssh -v machineC OpenSSH_2.9p1, SSH protocols 1.5/2.0, OpenSSL 0x0090601f debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Seeded RNG with 34 bytes from programs debug1: Seeded RNG with 3 bytes from system calls debug1: Rhosts Authentication disabled, originating port will not be trusted. debug1: restore_uid debug1: ssh_connect: getuid 0 geteuid 0 anon 1 debug1: Connecting to machineC [10.0.0.61] port 22. debug1: temporarily_use_uid: 0/0 (e=0) debug1: restore_uid debug1: temporarily_use_uid: 0/0 (e=0) debug1: restore_uid debug1: Connection established. debug1: read PEM private key done: type DSA debug1: read PEM private key done: type RSA debug1: identity file //.ssh/identity type -1 debug1: identity file //.ssh/id_rsa type -1 debug1: identity file //.ssh/id_dsa type -1 debug1: Remote protocol version 1.99, remote software version OpenSSH_2.9p1 debug1: match: OpenSSH_2.9p1 pat ^OpenSSH debug1: Local version string SSH-1.5-OpenSSH_2.9p1 debug1: Waiting for server public key. debug1: Received server public key (768 bits) and host key (1024 bits). debug1: Host 'machineC' is known and matches the RSA1 host key. debug1: Found key in /etc/ssh/ssh_known_hosts:2 debug1: Encryption type: 3des debug1: Sent encrypted session key. debug1: Installing crc compensation attack detector. debug1: Received encrypted confirmation. debug1: Trying rhosts or /etc/hosts.equiv with RSA host authentication. debug1: Remote: Accepted by .rhosts. debug1: Remote: Your host key cannot be verified: unknown or invalid host key. debug1: Server refused our rhosts authentication or host key. debug1: Doing password authentication. root@machineC's password: Please note that the output for a properly connecting machine is identical (including the Rhosts Authentication disabled line) but the host key is verified and password authentication doesn't happen which is what I want. Does anyone have any thoughts on the issue ?? Any tips ?? Anything I could check ?? Anyone run into this problem ?? Thanks. cheers - Jason :)