Sometimes the issue lies with hostname as well. What I mean with that is the known_hosts may have just the host name whereas when the connection is established, the debug shows the FQDN. I faced this issue so to be sure, I edited the known_hosts file and inserted the hostname, hostname's FQDN and its IP address (all comma separated).

Also ensure that both the hosts' known_hosts files have opposite servers' names (as prescribed above).

All the above checks make it work for me.

Hope this solves.

Kind regards,
Sharad

--- On Thu, 28/4/11, Asif Iqbal <vadud3@xxxxxxxxx> wrote:

> From: Asif Iqbal <vadud3@xxxxxxxxx>
> Subject: Re: problem with HostbasedAuthentication
> To: "Mahmood Naderan" <nt_mahmood@xxxxxxxxx>
> Cc: "secureshell@xxxxxxxxxxxxxxxxx" <secureshell@xxxxxxxxxxxxxxxxx>
> Date: Thursday, 28 April, 2011, 12:38 AM
>
> On Wed, Apr 27, 2011 at 1:12 AM, Mahmood Naderan <nt_mahmood@xxxxxxxxx> wrote:
> >>Change the order method. Have hostbased before password
> >
> > Sorry where should I do that?
>
> man ssh_config and look into PreferredAuthentications
>
> >
> > // Naderan *Mahmood;
> >
> > From: Asif Iqbal <vadud3@xxxxxxxxx>
> > To: Mahmood Naderan <nt_mahmood@xxxxxxxxx>
> > Cc: "secureshell@xxxxxxxxxxxxxxxxx" <secureshell@xxxxxxxxxxxxxxxxx>
> > Sent: Wednesday, April 27, 2011 9:17 AM
> > Subject: Re: problem with HostbasedAuthentication
> >
> >
> > Change the order method. Have hostbased before password
> > On Apr 26, 2011 11:52 PM, "Mahmood Naderan" <nt_mahmood@xxxxxxxxx> wrote:
> >>
> >>
> >> Hi,
> >> I am trying to setup a hostbased passwordless ssh from a client to a server using this guide http://www.ehow.com/how_7621307_set-up-hostbased-authentication.html.
> >>
> >> The client looks like:
> >>
> >> mahmood@client:~$ cat /etc/ssh/ssh_config | grep "HostbasedAuthentication"
> >> HostbasedAuthentication yes
> >> mahmood@client:~$ cat /etc/ssh/ssh_config | grep "EnableSSHKeysign"
> >> EnableSSHKeysign yes
> >>
> >>
> >> and the server looks like:
> >> mahmood@server:~$ cat /etc/ssh/sshd_config | grep "HostbasedAuthentication"
> >> HostbasedAuthentication yes
> >> mahmood@server:~$ cat /etc/ssh/sshd_config | grep "IgnoreRhosts"
> >> IgnoreRhosts no
> >>
> >> also the server has the key for client:
> >>
> >> mahmood@server:~$ cat /etc/ssh/ssh_known_hosts
> >> client ssh-rsa AAAAB3Nz.....
> >>
> >> the ~/.shosts file on the server contains:
> >> mahmood@server:~$ cat .shosts
> >> client.domain mahmood
> >>
> >> Then on both server and client, the ssh service is restarted:
> >> mahmood@client:~$ sudo service ssh restart
> >> ssh start/running, process 1355
> >> mahmood@server:~$ sudo service ssh restart
> >> ssh start/running, process 28982
> >>
> >> How, when I run "ssh -vvv server" from client (to show the verbose messages), I still get the password prompt.
> >>
> >> mahmood@client:~$ ssh -vvv server
> >> OpenSSH_5.3p1 Debian-3ubuntu6, OpenSSL 0.9.8k 25 Mar 2009
> >> debug1: Reading configuration data /etc/ssh/ssh_config
> >> debug1: Applying options for *
> >> debug2: ssh_connect: needpriv 0
> >> debug1: Connecting to server [192.168.1.1] port 22.
> >> debug1: Connection established.
> >> debug1: identity file /home/mahmood/.ssh/identity type -1
> >> debug1: identity file /home/mahmood/.ssh/id_rsa type -1
> >> debug1: identity file /home/mahmood/.ssh/id_dsa type -1
> >> debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3p1 Debian-3ubuntu4
> >> debug1: match: OpenSSH_5.3p1 Debian-3ubuntu4 pat OpenSSH*
> >> debug1: Enabling compatibility mode for protocol 2.0
> >> debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu6
> >> debug2: fd 3 setting O_NONBLOCK
> >> debug1: SSH2_MSG_KEXINIT sent
> >> debug3: Wrote 792 bytes for a total of 831
> >> debug1: SSH2_MSG_KEXINIT received
> >> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> >> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> >> debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
> >> debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
> >> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
> >> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
> >> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib
> >> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib
> >> debug2: kex_parse_kexinit:
> >> debug2: kex_parse_kexinit:
> >> debug2: kex_parse_kexinit: first_kex_follows 0
> >> debug2: kex_parse_kexinit: reserved 0
> >> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> >> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> >> debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
> >> debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
> >> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
> >> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
> >> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx
> >> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx
> >> debug2: kex_parse_kexinit:
> >> debug2: kex_parse_kexinit:
> >> debug2: kex_parse_kexinit: first_kex_follows 0
> >> debug2: kex_parse_kexinit: reserved 0
> >> debug2: mac_setup: found hmac-md5
> >> debug1: kex: server->client aes128-ctr hmac-md5 none
> >> debug2: mac_setup: found hmac-md5
> >> debug1: kex: client->server aes128-ctr hmac-md5 none
> >> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> >> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> >> debug3: Wrote 24 bytes for a total of 855
> >> debug2: dh_gen_key: priv key bits set: 124/256
> >> debug2: bits set: 507/1024
> >> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> >> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> >> debug3: Wrote 144 bytes for a total of 999
> >> debug3: check_host_in_hostfile: filename /home/mahmood/.ssh/known_hosts
> >> debug3: check_host_in_hostfile: match line 1
> >> debug3: check_host_in_hostfile: filename /home/mahmood/.ssh/known_hosts
> >> debug3: check_host_in_hostfile: match line 2
> >> debug1: Host 'server' is known and matches the RSA host key.
> >> debug1: Found key in /home/mahmood/.ssh/known_hosts:1
> >> debug2: bits set: 503/1024
> >> debug1: ssh_rsa_verify: signature correct
> >> debug2: kex_derive_keys
> >> debug2: set_newkeys: mode 1
> >> debug1: SSH2_MSG_NEWKEYS sent
> >> debug1: expecting SSH2_MSG_NEWKEYS
> >> debug3: Wrote 16 bytes for a total of 1015
> >> debug2: set_newkeys: mode 0
> >> debug1: SSH2_MSG_NEWKEYS received
> >> debug1: SSH2_MSG_SERVICE_REQUEST sent
> >> debug3: Wrote 48 bytes for a total of 1063
> >> debug2: service_accept: ssh-userauth
> >> debug1: SSH2_MSG_SERVICE_ACCEPT received
> >> debug2: key: /home/mahmood/.ssh/identity ((nil))
> >> debug2: key: /home/mahmood/.ssh/id_rsa ((nil))
> >> debug2: key: /home/mahmood/.ssh/id_dsa ((nil))
> >> debug3: Wrote 64 bytes for a total of 1127
> >> debug1: Authentications that can continue: publickey,password,hostbased
> >> debug3: start over, passed a different list publickey,password,hostbased
> >> debug3: preferred gssapi-keyex,gssapi-with-mic,gssapi,hostbased,publickey,keyboard-interactive,password
> >> debug3: authmethod_lookup hostbased
> >> debug3: remaining preferred: publickey,keyboard-interactive,password
> >> debug3: authmethod_is_enabled hostbased
> >> debug1: Next authentication method: hostbased
> >> debug2: userauth_hostbased: chost client.
> >> debug2: ssh_keysign called
> >> debug3: ssh_msg_send: type 2
> >> debug3: ssh_msg_recv entering
> >> debug1: permanently_drop_suid: 1000
> >> debug2: we sent a hostbased packet, wait for reply
> >> debug3: Wrote 608 bytes for a total of 1735
> >> debug1: Authentications that can continue: publickey,password,hostbased
> >> debug2: userauth_hostbased: chost client.
> >> debug2: ssh_keysign called
> >> debug3: ssh_msg_send: type 2
> >> debug3: ssh_msg_recv entering
> >> debug1: permanently_drop_suid: 1000
> >> debug2: we sent a hostbased packet, wait for reply
> >> debug3: Wrote 672 bytes for a total of 2407
> >> debug1: Authentications that can continue: publickey,password,hostbased
> >> debug1: No more client hostkeys for hostbased authentication.
> >> debug2: we did not send a packet, disable method
> >> debug3: authmethod_lookup publickey
> >> debug3: remaining preferred: keyboard-interactive,password
> >> debug3: authmethod_is_enabled publickey
> >> debug1: Next authentication method: publickey
> >> debug1: Trying private key: /home/mahmood/.ssh/identity
> >> debug3: no such identity: /home/mahmood/.ssh/identity
> >> debug1: Trying private key: /home/mahmood/.ssh/id_rsa
> >> debug3: no such identity: /home/mahmood/.ssh/id_rsa
> >> debug1: Trying private key: /home/mahmood/.ssh/id_dsa
> >> debug3: no such identity: /home/mahmood/.ssh/id_dsa
> >> debug2: we did not send a packet, disable method
> >> debug3: authmethod_lookup password
> >> debug3: remaining preferred: ,password
> >> debug3: authmethod_is_enabled password
> >> debug1: Next authentication method: password
> >> mahmood@server's password:
> >>
> >>
> >> Any idea about that?
> >>
> >> // Naderan *Mahmood;
> >>
> >
> >
>
> --
> Asif Iqbal
> PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
>
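
An added example, not part of the thread and not OpenSSH code: a Python check of the name coverage described in the reply at the top, reporting which of a client's names (short name, FQDN, IP) no known_hosts line covers, including wildcard, negated and hashed host fields. The sample entries, the placeholder key text, the client IP 192.168.1.2 and the dropping of the trailing dot seen in `chost client.` are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import re

# Constructed samples: placeholder key text; 192.168.1.2 is an assumed client IP.
BEFORE = "client ssh-rsa AAAA_PLACEHOLDER\n"
AFTER = "client,client.domain,192.168.1.2 ssh-rsa AAAA_PLACEHOLDER\n"


def hashed_field(name, salt):
    """Build a HashKnownHosts field: |1|base64(salt)|base64(HMAC-SHA1(salt, name))."""
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())


def _glob(pattern, name):
    # known_hosts wildcards: '*' matches any run of characters, '?' exactly one.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, name) is not None


def field_covers(field, name):
    """True if one host field (hashed name or comma-separated patterns) covers name."""
    if field.startswith("|1|"):
        salt = base64.b64decode(field.split("|")[2])
        return hmac.compare_digest(field, hashed_field(name, salt))
    patterns = field.split(",")
    if any(p.startswith("!") and _glob(p[1:], name) for p in patterns):
        return False  # a negated pattern that matches vetoes the line
    return any(_glob(p, name) for p in patterns if not p.startswith("!"))


def uncovered_names(known_hosts_text, names):
    """Return the names (short name, FQDN, IP) that no key line covers."""
    fields = []
    for line in known_hosts_text.splitlines():
        parts = line.split()
        # Skip blanks, comments and @cert-authority/@revoked marker lines.
        if parts and parts[0][0] not in "#@":
            fields.append(parts[0])
    # The log shows "chost client." with a trailing dot; compare without it (assumption).
    return [n for n in names if not any(field_covers(f, n.rstrip(".")) for f in fields)]


if __name__ == "__main__":
    wanted = ["client", "client.domain.", "192.168.1.2"]
    print("before:", uncovered_names(BEFORE, wanted))
    print("after: ", uncovered_names(AFTER, wanted))
```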