Hey everybody, I've noticed that since upgrading to the woody/updates ssh package (3.3p10.0woody1) My logs show "Accepted hostbased" instead of "Accepted publickey" whenever a user logs in with a public key. This is using protocol version 2, with clients of the same version (running on sid), and also for other users whose client versions I haven't yet checked. I've never used hostbased authentication before, and I'm wondering if this is just a logging error, or if I've somehow mucked up the configs so that it is using hostbased. When I connect without an agent, it does ask for my key passphrase, and ssh -v looks to me like it is using public key: debug1: authentications that can continue: publickey,password,keyboard-interactive debug1: next auth method to try is publickey debug1: userauth_pubkey_agent: testing agent key /home/vineet/.ssh/identity debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey 0x8094400 hint -1 debug1: ssh-userauth2 successful: method publickey And here's excerpts from sshd_config on the server: # rhosts authentication should not be used RhostsAuthentication no # Don't read the user's ~/.rhosts and ~/.shosts files IgnoreRhosts yes # For this to work you will also need host keys in /etc/ssh_known_hosts RhostsRSAAuthentication no # similar for protocol version 2 HostbasedAuthentication no # Uncomment if you don't trust ~/.ssh/known_hosts for # RhostsRSAAuthentication #IgnoreUserKnownHosts yes Also, this is happening on 3 different machines (but all with the same version). So that leads me to guess that it's less likely a configuration error. So it looks to me like it's just logging it incorrectly. Has anyone else noticed this behavior? Any other incorrectly-reported auth methods you've seen? I just tried password (just to test) and it does show up as "Accepted password" in auth.log . I'll file a bug; I was just curious whether anyone else saw something similar. good times, Vineet -- http://www.doorstop.net/ -- "Computer Science is no more about computers than astronomy is about telescopes." -E.W. Dijkstra
Attachment:
pgpOth0cvQ41c.pgp
Description: PGP signature