From owner-ssh@clinet.fi  Fri May 18 19:24:35 2001
From: "Ed Henderson" <Ed.Henderson@Certainty.net>
To: <ssh@clinet.fi>
Subject: Trouble with root login and hostbased authentication
Date: Fri, 18 May 2001 11:58:11 -0400

I have successfully gotten ssh to work with non-root users in "BatchMode yes" but can't get root to work at all (in Protocol 1 only.  2 doesn't work well).  I compiled sshd with libwrap support.  I have created /etc/ssh/shosts.equiv.  Here are some settings from sshd_config:
Protocol 1
PermitRootLogin yes
IgnoreRhosts yes
IgnoreUserKnownHosts yes
RhostsAuthentication no
RhostsRSAAuthentication yes
HostbasedAuthentication yes
RSAAuthentication yes

Also some snips from ssh_config (gen is the hostname of the sshd server):
Host gen
   BatchMode yes
   RhostsAuthentication no
   RhostsRSAAuthentication yes
   HostbasedAuthentication yes

Output from sshd -d:
gen:/etc/ssh> /usr/local/sbin/sshd -d
debug1: Seeded RNG with 33 bytes from programs
debug1: Seeded RNG with 3 bytes from system calls
debug1: sshd version OpenSSH_2.9p1
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from 192.168.100.101 port 32910
debug1: Client protocol version 1.5; client software version OpenSSH_2.9p1
debug1: match: OpenSSH_2.9p1 pat ^OpenSSH
debug1: Local version string SSH-1.5-OpenSSH_2.9p1
debug1: Rhosts Authentication disabled, originating port not trusted.
debug1: Sent 768 bit server key and 1024 bit host key.
debug1: Encryption type: 3des
debug1: Received session key; encryption turned on.
debug1: Installing crc compensation attack detector.
debug1: Attempting authentication for root.
debug1: Trying rhosts with RSA host authentication for client user root
debug1: temporarily_use_uid: 0/1 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 0/1 (e=0)
debug1: restore_uid
Failed rhosts-rsa for ROOT from 192.168.100.101 port 32910 ruser root
Connection closed by 192.168.100.101
debug1: Calling cleanup 0x80835dc(0x0)
debug1: Calling cleanup 0x8088940(0x0)
debug1: writing PRNG seed to file /root/.ssh/prng_seed

Output from ssh -v:
ssh -v gen "cat /etc/passwd"
OpenSSH_2.9p1, SSH protocols 1.5/2.0, OpenSSL 0x0090601f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for gen
debug1: Applying options for *
debug1: Seeded RNG with 33 bytes from programs
debug1: Seeded RNG with 3 bytes from system calls
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 0 geteuid 0 anon 1
debug1: Connecting to gen [192.168.100.100] port 22.
debug1: temporarily_use_uid: 0/1 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 0/1 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 1.5, remote software version OpenSSH_2.9p1
debug1: match: OpenSSH_2.9p1 pat ^OpenSSH
debug1: Local version string SSH-1.5-OpenSSH_2.9p1
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (1024 bits).
debug1: Host 'gen' is known and matches the RSA1 host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: Encryption type: 3des
debug1: Sent encrypted session key.
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug1: Trying rhosts or /etc/hosts.equiv with RSA host authentication.
debug1: Server refused our rhosts authentication or host key.
Permission denied.
debug1: Calling cleanup 0x807f7a0(0x0)
debug1: Calling cleanup 0x8084b04(0x0)
debug1: writing PRNG seed to file /root/.ssh/prng_seed


Thanks for any help,
Ed.
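
Added example, not part of the original post: a Python check that models which trust files OpenSSH's rhosts/shosts lookup consults for the sshd_config settings quoted above. It encodes two rules: the system-wide equiv files are skipped when the target account is uid 0, and the per-user files are skipped when IgnoreRhosts is yes. The function names and the `equiv_dir` parameter are illustrative; the /etc/ssh location is taken from the post.

```python
# Added example: which trust files sshd consults for rhosts-RSA / hostbased
# authentication, given sshd_config text and the target account's uid.
SAMPLE_SSHD_CONFIG = """\
Protocol 1
PermitRootLogin yes
IgnoreRhosts yes
IgnoreUserKnownHosts yes
RhostsAuthentication no
RhostsRSAAuthentication yes
HostbasedAuthentication yes
RSAAuthentication yes
"""  # the settings quoted in the post

# OpenSSH defaults for the keywords this check reads.
DEFAULTS = {"ignorerhosts": "yes", "rhostsrsaauthentication": "no",
            "hostbasedauthentication": "no"}

def parse_sshd_config(text):
    """Return {keyword: value}; keywords are case-insensitive, first one wins."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            opts.setdefault(parts[0].lower(), parts[1].strip().lower())
    return opts

def trust_files(config_text, uid, equiv_dir="/etc/ssh"):
    """List the files whose entries can authorize a host-trusted login."""
    opts = {**DEFAULTS, **parse_sshd_config(config_text)}
    if "yes" not in (opts["rhostsrsaauthentication"], opts["hostbasedauthentication"]):
        return []                      # no host-trust method is enabled
    files = []
    if uid != 0:                       # system-wide files are skipped for root
        files += ["/etc/hosts.equiv", f"{equiv_dir}/shosts.equiv"]
    if opts["ignorerhosts"] != "yes":  # per-user files only when not ignored
        files += ["~/.rhosts", "~/.shosts"]
    return files

def explain(config_text, uid):
    """One-line summary for a given account uid."""
    files = trust_files(config_text, uid)
    who = "root" if uid == 0 else f"uid {uid}"
    if not files:
        return f"{who}: no trust file is consulted, host-based login cannot succeed"
    return f"{who}: consulted files: {', '.join(files)}"

if __name__ == "__main__":
    print(explain(SAMPLE_SSHD_CONFIG, 1000))
    print(explain(SAMPLE_SSHD_CONFIG, 0))
```

With the posted settings the check reports the equiv files for an ordinary uid and an empty list for uid 0, which matches the "Failed rhosts-rsa for ROOT" line in the sshd -d output.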

