|
I am having a terrible time getting ssh to do
host-based authentication using PAM. I have installed using RPM's RedHat 7
and it works great so far. However, whenever I attempt to change the
authentication from password required to host-based using hosts.equiv or
shosts.equiv it still asks for a password. The /var/log/messages file
contains:
Jan 29 14:11:22 me sshd[553]: Accepted
password for ROOT from x.x.x.x port xx ssh2
Jan 29 14:11:22 me PAM_unix[553]: (system-auth) session opened for user root by (uid=0) The sshd file in /etc/pam.d contains:
#%PAM-1.0
auth required /lib/security/pam_stack.so service=system-auth auth required /lib/security/pam_nologin.so account required /lib/security/pam_stack.so service=system-auth password required /lib/security/pam_stack.so service=system-auth session required /lib/security/pam_stack.so service=system-auth session required /lib/security/pam_limits.so I've added:
auth
sufficient /lib/security/pam_rhosts_auth.so
hosts_equiv_rootok
and changed password from required to optional but still no luck. I've tried with root and other users; hosts.equiv,
shosts.equiv, .rhosts, and .shosts.
Not sure what else to try. Anyone else have
any ideas?
Thanks.
Keith Knohl
|
