
Re: ssh version 3.4p1-1 and RSA authentication



On Thursday, 21 November 2002 10:47 +0100, Fabrice Yerly wrote:
> Hi,

Hi,

> > RhostsRSAAuthentication yes
> I did the correction. It still does not work...
[...]
> I tried the debug mode. The result is below. The only strange thing I
> noticed is that the public keys are looked for in my own ~/.ssh/
> directory. Is there a way to specify that I want to read from the
> /etc/ssh directory?
[...]
> debug1: authentications that can continue: 
> publickey,password,keyboard-interactive,hostbased
> debug1: next auth method to try is publickey
> debug1: try privkey: /home/fyerly/.ssh/identity
> debug1: try privkey: /home/fyerly/.ssh/id_rsa
> debug1: try privkey: /home/fyerly/.ssh/id_dsa
> debug1: next auth method to try is keyboard-interactive

It seems there's some confusion here... 

There's a misunderstanding between the different authentication methods.
Are you using RhostsRSAAuthentication or PublicKeyAuthentication? I
mean do you use RSA host-keys or do you use per-user identity keys in
~/.ssh/{identity,id_rsa,id_dsa}?

If you want to use PublicKeyAuthentication, then it's a totally
different problem. You need to have identity keys (id_rsa or id_dsa) in
each user's $HOME, and to add the public part of the key in their
~/.ssh/authorized_keys file.

But if you're planning to use RhostsRSAAuthentication (which seems to be
the case since you told us about your hosts.equiv file), then it seems
this authentication method is not tried in your ssh output.

I think you need 3 things set to enable this authentication method:
- Have "RhostsRSAAuthentication yes" in /etc/ssh/ssh_config on the
  client.
- Have "RhostsRSAAuthentication yes" in /etc/ssh/sshd_config on the
  server.
- Have /usr/lib/ssh-keysign with the setuid bit set. You can achieve
  this by answering yes to the question with "dpkg-reconfigure ssh".

Hope this helps...


-- 
Alexandre Vitrac                         ,''`.
CS-SI                                   : :' :
OpenPGP key ID : C03A7DFE               `. `' 
                                          `-
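
A check of the three prerequisites listed in the message above, as an added example that is not part of the original post. The function names `first_value` and `check_rhosts_rsa` are hypothetical, and the parser is a simplification that takes the first uncommented occurrence of the keyword and ignores Host/Match scoping.

```shell
#!/bin/sh
# Added example: audit the three settings named in the message.
# Usage (paths as given in the message):
#   check_rhosts_rsa /etc/ssh/ssh_config /etc/ssh/sshd_config /usr/lib/ssh-keysign

# first_value FILE KEYWORD
# Print the lowercased value of the first uncommented KEYWORD line.
# Keywords are matched case-insensitively; "Key value" and "Key=value" both parse.
first_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                      # skip comment lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)             # drop indentation
            n = split(line, f, /[ \t=]+/)
            if (n >= 2 && tolower(f[1]) == tolower(key)) {
                print tolower(f[2]); exit        # first occurrence wins
            }
        }' "$1" 2>/dev/null
}

# check_rhosts_rsa CLIENT_CFG SERVER_CFG KEYSIGN_PATH
# Print one line per prerequisite; return the number of failed checks (0-3).
check_rhosts_rsa() {
    client_cfg=$1 server_cfg=$2 keysign=$3
    failures=0
    for cfg in "$client_cfg" "$server_cfg"; do
        val=$(first_value "$cfg" RhostsRSAAuthentication) || val=
        if [ "$val" = "yes" ]; then
            echo "ok:   $cfg sets RhostsRSAAuthentication yes"
        else
            echo "FAIL: $cfg has RhostsRSAAuthentication '${val:-unset}'"
            failures=$((failures + 1))
        fi
    done
    # The helper must be executable and carry the setuid bit (test -u).
    if [ -x "$keysign" ] && [ -u "$keysign" ]; then
        echo "ok:   $keysign is executable and setuid"
    else
        echo "FAIL: $keysign is missing, not executable, or not setuid"
        failures=$((failures + 1))
    fi
    return "$failures"
}
```

Run it on the client for the first and third checks and on the server for the second, since the two config files normally live on different machines.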


