Re: SSH2 + HostbasedAuthentication

[Osamu Aoki <debian@aokiconsulting.com>]

Hi, you seems to know alot.  So I may be wrong but let me try...

On Mon, Oct 08, 2001 at 08:51:20PM +0200, Walter Hofmann wrote:
> I cannot use HostbasedAuthentication with ssh. ssh just keeps on asking
> for the password. Here is what I tried:
> 
> I have SSH (OpenSSH_2.9p2) running with RhostsRSAAuthentication just
> fine -- users can log in from one computer to another without using a
> password or setting up and .ssh/authorized_keys file. But now the ssh in
> woody changed and protocol version two is the default so I want to make
> sure that HostbasedAuthentication is working as well.

For SSH2, you need to set up ~/.ssh/authorized_keys2 instead.  I am on
the way of updating.  I have not tried yet ;-)

> I set "HostbasedAuthentication yes" in /etc/ssh/sshd_config. I then
> added the public keys from the other hosts to /etc/ssh/ssh_known_hosts2
> (by logging in to them and then copying my ~/.ssh/known_hosts2 file to
> /etc/ssh/ssh_known_hosts2). Now /etc/ssh/ssh_known_hosts2 contains:
> 
> Here is the debug output from sshd:
> 
> aragorn:/etc/ssh# sshd -d -e
> [...]
> And from the client:
> wh@gandalf:~$ ssh -v aragorn.local
> OpenSSH_2.9p2, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
> [...]
> Enabling compatibility mode for protocol 2.0
> [...]
> wh@aragorn.local's password:
> [...]
> (I'm pretty sure that DNS is set up correctly, logging in with protocol
> version 1, i.e. "ssh -1" still works without asking for passwords.)

-- 
~\^o^/~~~ ~\^.^/~~~ ~\^*^/~~~ ~\^_^/~~~ ~\^+^/~~~ ~\^:^/~~~ ~\^v^/~~~ 
+  Osamu Aoki <debian@aokiconsulting.com>, GnuPG-key: 1024D/D5DE453D  +
+  My debian quick-reference, http://www.aokiconsulting.com/quick/    +