Hi

On Fri, Jan 9, 2015, at 12:34 PM, Mark Hahn wrote:
> >> The one you are missing is EnableSSHKeysign.
>
> I suppose it's worth asking: is your ssh-keysign suid root
> (and are the permissions on your host keys sufficiently tight)?

Note that everything works correctly with other auth methods: pubkey, password, ... I suspect key perms issues would've come up there.

Here's also the ssh-keysign perms

client

ls -al /usr/local/libexec/ssh-keysign
-rwsr-xr-x+ 1 root root 459K Oct 11 06:51 /usr/local/libexec/ssh-keysign*

ls -al /usr/local/etc/ssh/ssh.client.ed25519*
-rw-------+ 1 root root 517 May 9 2014 /usr/local/etc/ssh/ssh.client.ed25519
-rw-r--r--+ 1 root root 107 May 9 2014 /usr/local/etc/ssh/ssh.client.ed25519.pub

server

ls -al /usr/local/libexec/ssh-keysign
-rwsr-xr-x+ 1 root root 455K Oct 11 06:51 /usr/local/libexec/ssh-keysign*

ls -al /usr/local/etc/ssh/ssh.server.ed25519*
-rw-------+ 1 root root 464 May 10 2014 /usr/local/etc/ssh/ssh.server.ed25519
-rw-r--r--+ 1 root root 107 May 10 2014 /usr/local/etc/ssh/ssh.server.ed25519.pub

> > ssh-keyscan -t ed25519 server.DOMAIN.COM >> /usr/local/etc/ssh/ssh_known_hosts
>
> fine, though it's worth verifying that these are the files being used
> by the (non-default, right) sshd and ssh (client) that you're using.

I have @ server

which sshd
/usr/local/sbin/sshd

systemctl status sshd
sshd.service - OpenSSH Daemon
   Loaded: loaded (/etc/systemd/system/sshd.service; enabled)
   Active: active (running) since Fri 2015-01-09 12:57:12 PST; 2s ago
 Main PID: 21534 (sshd)
   CGroup: /system.slice/sshd.service
           ├─ 4662 sshd: root@pts/0
           ├─ 4664 -bash
           ├─21534 /usr/local/sbin/sshd -D -f /usr/local/etc/ssh/sshd_config
           └─21541 systemctl status sshd

ps ax | grep sshd_config
20989 ? Ss 0:00 /usr/local/sbin/sshd -D -f /usr/local/etc/ssh/sshd_config

and @ client

which ssh
/usr/local/bin/ssh

ssh server.DOMAIN.COM -vvv
...
debug3: load_hostkeys: loading entries for host "server.DOMAIN.COM" from file "/usr/local/etc/ssh/ssh_known_hosts"
debug3: load_hostkeys: found key type ED25519 in file /usr/local/etc/ssh/ssh_known_hosts:2
debug3: load_hostkeys: loaded 1 keys
debug3: load_hostkeys: loading entries for host "server.DOMAIN.COM" from file "/usr/local/etc/ssh/ssh_known_hosts"
debug3: load_hostkeys: found key type ED25519 in file /usr/local/etc/ssh/ssh_known_hosts:2
debug3: load_hostkeys: loaded 1 keys
...
> > Permission denied (hostbased).

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
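
An added example, not part of the original message or of OpenSSH: a Python check of the three client-side prerequisites raised in this thread (a setuid-root ssh-keysign, a root-only private host key, and EnableSSHKeysign in the client configuration). The function names are hypothetical and all paths are supplied by the caller.

```python
import os
import stat
import sys

def keysign_problems(mode, uid):
    """Check st_mode/st_uid of ssh-keysign: it must run as root to read host keys."""
    problems = []
    if uid != 0:
        problems.append("not owned by root")
    if not mode & stat.S_ISUID:
        problems.append("setuid bit not set")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("writable by group or others")
    return problems

def private_key_problems(mode, uid):
    """Check st_mode/st_uid of a private host key: root-owned, root-only access."""
    problems = []
    if uid != 0:
        problems.append("not owned by root")
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("accessible to group or others")
    return problems

def enable_keysign_set(config_text):
    """True if the first EnableSSHKeysign line in ssh_config text says yes.
    Simplification (assumption of this example): Host/Match blocks are not evaluated."""
    for line in config_text.splitlines():
        words = line.strip().replace("=", " ").split()
        if words and words[0].startswith("#"):
            continue  # comment line
        if len(words) >= 2 and words[0].lower() == "enablesshkeysign":
            return words[1].strip('"').lower() == "yes"
    return False  # the option is off unless the global client config enables it

def audit(keysign_path, private_key_path, ssh_config_path):
    """Run all three checks against real files; paths come from the caller."""
    ks, key = os.stat(keysign_path), os.stat(private_key_path)
    with open(ssh_config_path) as fh:
        enabled = enable_keysign_set(fh.read())
    # os.stat shows mode bits only; ACLs (the '+' in ls -l output) need getfacl.
    return {
        "ssh-keysign": keysign_problems(ks.st_mode, ks.st_uid),
        "private host key": private_key_problems(key.st_mode, key.st_uid),
        "EnableSSHKeysign": [] if enabled else ["not set to yes"],
    }

if __name__ == "__main__":
    # usage: script KEYSIGN_PATH PRIVATE_KEY_PATH SSH_CONFIG_PATH (run as root)
    for item, problems in audit(*sys.argv[1:4]).items():
        print(item, "OK" if not problems else "; ".join(problems))
```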