Hi folks, I noticed a strange behavior of sshd during a FC1 kickstart install. We use rsync/ssh to copy over config files and the like to our boxes in the %post script. For some reason, with FC, we're unable to log into a sshd running in the /mnt/sysimage changeroot using hostbased authentication. ssh -v shows that it gets stuck when trying to set up the hostbased authentication: <snip> debug1: Host 'na8' is known and matches the RSA host key. debug1: Found key in /etc/ssh/ssh_known_hosts2:146 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password,keyboard-interactive,hostbased debug1: Next authentication method: hostbased After that, it doesn't print out anything else. I'm also attaching the sshd_config file from that box. Any clue what could be wrong? Thanks, Kai -- Kai Blin, Sysop Dept. of Numerical Algebra, University of Tübingen, Germany
# This is ssh server systemwide configuration file. Port 22 #Protocol 1,2 Protocol 2 ListenAddress 0.0.0.0 HostKey /etc/ssh/ssh_host_key HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key ServerKeyBits 768 LoginGraceTime 600 KeyRegenerationInterval 3600 X11Forwarding yes X11DisplayOffset 10 KeepAlive yes # Logging SyslogFacility LOCAL0 LogLevel INFO IgnoreRhosts no IgnoreUserKnownHosts no PermitEmptyPasswords no #PermitRootLogin without-password StrictModes yes # configurations for both protocol versions PasswordAuthentication yes # Protocol version 1 configurations RhostsAuthentication no RhostsRSAAuthentication yes RSAAuthentication yes # Protocol version 2 configurations HostbasedAuthentication yes PubkeyAuthentication yes # Uncomment to disable s/key passwords # SkeyAuthentication no # To change Kerberos options # KerberosAuthentication no # KerberosOrLocalPasswd yes # AFSTokenPassing no # KerberosTicketCleanup no # Kerberos TGT Passing does only work with the AFS kaserver # KerberosTgtPassing yes #CheckMail no UseLogin no PrintMotd no #Subsystem sftp /usr/local/sbin/sftpd
