Bug#341781: marked as done (ssh: Unable to use hostbased authentication due to hostname mistmatches)
Your message dated Thu, 20 Feb 2014 17:46:32 +0000
with message-id <53063F78.4020101@debian.org>
and subject line Re: ssh hostbased authentication problems still extant?
has caused the Debian Bug report #341781,
regarding ssh: Unable to use hostbased authentication due to hostname mistmatches
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
341781: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=341781
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: ssh: Unable to use hostbased authentication due to hostname mistmatches
- From: Marc Singer <elf@buici.com>
- Date: Fri, 02 Dec 2005 15:58:43 -0800
- Message-id: <20051202235843.22107.qmail@florence.buici.com>
Package: ssh
Version: 1:3.8.1p1-8.sarge.4
Severity: important
After an upgrade of SSH, hostbased authentication stopped working.
I've spent some time recompiling the package with more debug
information and I believe I have found the rootcause, though I don't
know what part of the package changed.
The symptom is that the hostbased authentication always fails to
accept the host keys and instead either asks for a password, or for
the user's RSA key passphrase. The reason the remote machine
rejected the request is in check_rhosts_file(); the hostnames are
different. One has a trailing period and the other does not. By
adding a period to the .shosts hostname, the check succeeds.
Unfortunately, that isn't sufficient. Adding the period later breaks
the monitor_valid_hostbasedblob() call where again, one hostname ends
with a period and the other does not.
It is possible that this is the same problem as #115286.
The next place to look is in the code that passes the requestor's
hostname to check_rthosts_file().
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.7
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages ssh depends on:
ii adduser 3.63 Add and remove users and groups
ii debconf 1.4.30.13 Debian configuration management sy
ii dpkg 1.10.28 Package maintenance system for Deb
ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an
ii libpam-modules 0.76-22 Pluggable Authentication Modules f
ii libpam-runtime 0.76-22 Runtime support for the PAM librar
ii libpam0g 0.76-22 Pluggable Authentication Modules l
ii libssl0.9.7 0.9.7e-3sarge1 SSL shared libraries
ii libwrap0 7.6.dbs-8 Wietse Venema's TCP wrappers libra
ii zlib1g 1:1.2.2-4.sarge.2 compression library - runtime
-- debconf information:
* ssh/privsep_tell:
ssh/insecure_rshd:
ssh/privsep_ask: true
ssh/ssh2_keys_merged:
ssh/user_environment_tell:
* ssh/forward_warning:
ssh/insecure_telnetd:
ssh/new_config: true
* ssh/use_old_init_script: true
* ssh/protocol2_only: true
ssh/encrypted_host_key_but_no_keygen:
* ssh/run_sshd: true
* ssh/SUID_client: true
ssh/disable_cr_auth: false
--- End Message ---
--- Begin Message ---
On 20/02/14 17:19, Marc Singer wrote:
> I confess that enough time has passed that I'm not even sure what I was
> doing at the time. I'd be OK with closing this bug as unreproducible.
OK. I'll go with my suspicion that current ssh has fixed this, and we
can re-open if it turns out I'm wrong.
Regards,
Matthew
--- End Message ---
Reply to: