Re: OpenSSH_6.7p1 hostbased authentication failing on linux->linux connection. what's wrong with my config?

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Fri, Jan 09, 2015 at 14:42:59 -0800, grantksupport@xxxxxxxxxxxxx wrote:
> 
> 
> On Fri, Jan 9, 2015, at 02:26 PM, Iain Morgan wrote:
> > > 	server
> > > 
> > > 		ls -al /usr/local/libexec/ssh-keysign
> > > 			-rwsr-xr-x+ 1 root root 455K Oct 11 06:51 /usr/local/libexec/ssh-keysign*
> > > 
> > > 		ls -al /usr/local/etc/ssh/ssh.server.ed25519*
> > > 			-rw-------+ 1 root root 464 May 10  2014 /usr/local/etc/ssh/ssh.server.ed25519
> > > 			-rw-r--r--+ 1 root root 107 May 10  2014 /usr/local/etc/ssh/ssh.server.ed25519.pub
> > > 
> > 
> > Renaming the keys in your output only serves to complicate matters for
> > those who are taking time to try to help you.
> 
> How so?  What's being complicated?  I haven't renamed anything "in my output".
> 
> Those are the actual keynames, and locations, that I've been using for years, renewed, as you can see by the date, just last May

So, how many barrels do you have in that shotgun pointed at your foot?

It looks like you need to read the manual files. While the server
permits you to specify the names and locations of the host keys, the
client does NOT. The locations are hard-coded into ssh and ssh-keysign
at build time; using IdentitryFile does not alter this.

As noted before, only hostbased authentication uses the client's host
keys, so renaming the keys would not have impacted other authentication
methods. 

-- 
Iain Morgan
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux