On Thu, Apr 28, 2011 at 1:54 AM, Mahmood Naderan <nt_mahmood@xxxxxxxxx> wrote:
>>man ssh_config and look into PreferredAuthentications
> I added this line to sshd_config:
> ...
> HostbasedAuthentication yes
> PreferredAuthentications hostbased,keyboard-interactive,password,publickey
> ...
>
> after restarting the service, the connection is refused while connecting to server from client:

Restart was not necessary.

>
> mahmood@client:~$ ssh -vvv server
> OpenSSH_5.3p1 Debian-3ubuntu6, OpenSSL 0.9.8k 25 Mar 2009
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to server [192.168.1.1] port 22.
> debug1: connect to address 192.168.1.1 port 22: Connection refused
> ssh: connect to host server port 22: Connection refused

If the suggestion from Sharad did not help, post the debug output of the sshd as well.

>
>>It could be a permissions issue. Try 'chmod 600 ~/.shosts'.
> I changed to 600 however still get the same prompt
>
>
> // Naderan *Mahmood;
>
>
> ----- Original Message -----
> From: Asif Iqbal <vadud3@xxxxxxxxx>
> To: Mahmood Naderan <nt_mahmood@xxxxxxxxx>
> Cc: "secureshell@xxxxxxxxxxxxxxxxx" <secureshell@xxxxxxxxxxxxxxxxx>
> Sent: Wednesday, April 27, 2011 11:38 PM
> Subject: Re: problem with HostbasedAuthentication
>
> On Wed, Apr 27, 2011 at 1:12 AM, Mahmood Naderan <nt_mahmood@xxxxxxxxx> wrote:
>>>Change the order method. Have hostbased before password
>>
>> Sorry where should I do that?
>
> man ssh_config and look into PreferredAuthentications
>
>>
>> // Naderan *Mahmood;
>>
>> From: Asif Iqbal <vadud3@xxxxxxxxx>
>> To: Mahmood Naderan <nt_mahmood@xxxxxxxxx>
>> Cc: "secureshell@xxxxxxxxxxxxxxxxx" <secureshell@xxxxxxxxxxxxxxxxx>
>> Sent: Wednesday, April 27, 2011 9:17 AM
>> Subject: Re: problem with HostbasedAuthentication
>>
>>
>> Change the order method. Have hostbased before password
>> On Apr 26, 2011 11:52 PM, "Mahmood Naderan" <nt_mahmood@xxxxxxxxx> wrote:
>>>
>>>
>>> Hi,
>>> I am trying to set up a hostbased passwordless ssh from a client to a server using this guide http://www.ehow.com/how_7621307_set-up-hostbased-authentication.html.
>>>
>>> The client looks like:
>>>
>>> mahmood@client:~$ cat /etc/ssh/ssh_config | grep "HostbasedAuthentication"
>>> HostbasedAuthentication yes
>>> mahmood@client:~$ cat /etc/ssh/ssh_config | grep "EnableSSHKeysign"
>>> EnableSSHKeysign yes
>>>
>>>
>>> and the server looks like:
>>> mahmood@server:~$ cat /etc/ssh/sshd_config | grep "HostbasedAuthentication"
>>> HostbasedAuthentication yes
>>> mahmood@server:~$ cat /etc/ssh/sshd_config | grep "IgnoreRhosts"
>>> IgnoreRhosts no
>>>
>>> also the server has the key for client:
>>>
>>> mahmood@server:~$ cat /etc/ssh/ssh_known_hosts
>>> client ssh-rsa AAAAB3Nz.....
>>>
>>> the ~/.shosts file on the server contains:
>>> mahmood@server:~$ cat .shosts
>>> client.domain mahmood
>>>
>>> Then on both server and client, the ssh service is restarted:
>>> mahmood@client:~$ sudo service ssh restart
>>> ssh start/running, process 1355
>>> mahmood@server:~$ sudo service ssh restart
>>> ssh start/running, process 28982
>>>
>>> How, when I run "ssh -vvv server" from client (to show the verbose messages), I still get the password prompt.
>>>
>>> mahmood@client:~$ ssh -vvv server
>>> OpenSSH_5.3p1 Debian-3ubuntu6, OpenSSL 0.9.8k 25 Mar 2009
>>> debug1: Reading configuration data /etc/ssh/ssh_config
>>> debug1: Applying options for *
>>> debug2: ssh_connect: needpriv 0
>>> debug1: Connecting to server [192.168.1.1] port 22.
>>> debug1: Connection established.
>>> debug1: identity file /home/mahmood/.ssh/identity type -1
>>> debug1: identity file /home/mahmood/.ssh/id_rsa type -1
>>> debug1: identity file /home/mahmood/.ssh/id_dsa type -1
>>> debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3p1 Debian-3ubuntu4
>>> debug1: match: OpenSSH_5.3p1 Debian-3ubuntu4 pat OpenSSH*
>>> debug1: Enabling compatibility mode for protocol 2.0
>>> debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu6
>>> debug2: fd 3 setting O_NONBLOCK
>>> debug1: SSH2_MSG_KEXINIT sent
>>> debug3: Wrote 792 bytes for a total of 831
>>> debug1: SSH2_MSG_KEXINIT received
>>> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
>>> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
>>> debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
>>> debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
>>> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
>>> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
>>> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib
>>> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib
>>> debug2: kex_parse_kexinit:
>>> debug2: kex_parse_kexinit:
>>> debug2: kex_parse_kexinit: first_kex_follows 0
>>> debug2: kex_parse_kexinit: reserved 0
>>> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
>>> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
>>> debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
>>> debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
>>> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
>>> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
>>> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx
>>> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx
>>> debug2: kex_parse_kexinit:
>>> debug2: kex_parse_kexinit:
>>> debug2: kex_parse_kexinit: first_kex_follows 0
>>> debug2: kex_parse_kexinit: reserved 0
>>> debug2: mac_setup: found hmac-md5
>>> debug1: kex: server->client aes128-ctr hmac-md5 none
>>> debug2: mac_setup: found hmac-md5
>>> debug1: kex: client->server aes128-ctr hmac-md5 none
>>> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
>>> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
>>> debug3: Wrote 24 bytes for a total of 855
>>> debug2: dh_gen_key: priv key bits set: 124/256
>>> debug2: bits set: 507/1024
>>> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
>>> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
>>> debug3: Wrote 144 bytes for a total of 999
>>> debug3: check_host_in_hostfile: filename /home/mahmood/.ssh/known_hosts
>>> debug3: check_host_in_hostfile: match line 1
>>> debug3: check_host_in_hostfile: filename /home/mahmood/.ssh/known_hosts
>>> debug3: check_host_in_hostfile: match line 2
>>> debug1: Host 'server' is known and matches the RSA host key.
>>> debug1: Found key in /home/mahmood/.ssh/known_hosts:1
>>> debug2: bits set: 503/1024
>>> debug1: ssh_rsa_verify: signature correct
>>> debug2: kex_derive_keys
>>> debug2: set_newkeys: mode 1
>>> debug1: SSH2_MSG_NEWKEYS sent
>>> debug1: expecting SSH2_MSG_NEWKEYS
>>> debug3: Wrote 16 bytes for a total of 1015
>>> debug2: set_newkeys: mode 0
>>> debug1: SSH2_MSG_NEWKEYS received
>>> debug1: SSH2_MSG_SERVICE_REQUEST sent
>>> debug3: Wrote 48 bytes for a total of 1063
>>> debug2: service_accept: ssh-userauth
>>> debug1: SSH2_MSG_SERVICE_ACCEPT received
>>> debug2: key: /home/mahmood/.ssh/identity ((nil))
>>> debug2: key: /home/mahmood/.ssh/id_rsa ((nil))
>>> debug2: key: /home/mahmood/.ssh/id_dsa ((nil))
>>> debug3: Wrote 64 bytes for a total of 1127
>>> debug1: Authentications that can continue: publickey,password,hostbased
>>> debug3: start over, passed a different list publickey,password,hostbased
>>> debug3: preferred gssapi-keyex,gssapi-with-mic,gssapi,hostbased,publickey,keyboard-interactive,password
>>> debug3: authmethod_lookup hostbased
>>> debug3: remaining preferred: publickey,keyboard-interactive,password
>>> debug3: authmethod_is_enabled hostbased
>>> debug1: Next authentication method: hostbased
>>> debug2: userauth_hostbased: chost client.
>>> debug2: ssh_keysign called
>>> debug3: ssh_msg_send: type 2
>>> debug3: ssh_msg_recv entering
>>> debug1: permanently_drop_suid: 1000
>>> debug2: we sent a hostbased packet, wait for reply
>>> debug3: Wrote 608 bytes for a total of 1735
>>> debug1: Authentications that can continue: publickey,password,hostbased
>>> debug2: userauth_hostbased: chost client.
>>> debug2: ssh_keysign called
>>> debug3: ssh_msg_send: type 2
>>> debug3: ssh_msg_recv entering
>>> debug1: permanently_drop_suid: 1000
>>> debug2: we sent a hostbased packet, wait for reply
>>> debug3: Wrote 672 bytes for a total of 2407
>>> debug1: Authentications that can continue: publickey,password,hostbased
>>> debug1: No more client hostkeys for hostbased authentication.
>>> debug2: we did not send a packet, disable method
>>> debug3: authmethod_lookup publickey
>>> debug3: remaining preferred: keyboard-interactive,password
>>> debug3: authmethod_is_enabled publickey
>>> debug1: Next authentication method: publickey
>>> debug1: Trying private key: /home/mahmood/.ssh/identity
>>> debug3: no such identity: /home/mahmood/.ssh/identity
>>> debug1: Trying private key: /home/mahmood/.ssh/id_rsa
>>> debug3: no such identity: /home/mahmood/.ssh/id_rsa
>>> debug1: Trying private key: /home/mahmood/.ssh/id_dsa
>>> debug3: no such identity: /home/mahmood/.ssh/id_dsa
>>> debug2: we did not send a packet, disable method
>>> debug3: authmethod_lookup password
>>> debug3: remaining preferred: ,password
>>> debug3: authmethod_is_enabled password
>>> debug1: Next authentication method: password
>>> mahmood@server's password:
>>>
>>>
>>> Any idea about that?
>>>
>>> // Naderan *Mahmood;
>>>
>>
>
>
>
> --
> Asif Iqbal
> PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
>
>

--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
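
An offline lint for the setup quoted in this thread, as an added example that is not part of the original messages. It flags ssh_config-only keywords placed in sshd_config and checks that the client name sshd looks up (the packet's chost when HostbasedUsesNameFromPacketOnly is yes, otherwise the name resolved from the client's address) appears in both ssh_known_hosts and .shosts. Function names are hypothetical and the sample file contents are constructed from the values shown above.

```python
# Added example (not from the thread). Simplified: exact host names only,
# no wildcards, hashed known_hosts entries, netgroups or +/- .shosts entries,
# and the client and server account names are assumed to be the same.

# ssh_config (client) keywords; sshd exits on keywords it does not know.
CLIENT_ONLY = {"preferredauthentications", "enablesshkeysign"}

def misplaced_in_sshd_config(sshd_config):
    """Return client-only keywords that appear in sshd_config text."""
    found = set()
    for line in sshd_config.splitlines():
        fields = line.split()
        if fields and not fields[0].startswith("#"):
            found.add(fields[0].lower())
    return sorted(found & CLIENT_ONLY)

def known_hosts_names(text):
    """Plain host names from the first field of each known_hosts line."""
    names = set()
    for line in text.splitlines():
        fields = line.split()
        if fields and not fields[0].startswith(("#", "@", "|")):
            names.update(n.lower() for n in fields[0].split(","))
    return names

def shosts_allows(text, host, user):
    """True if .shosts lists 'host' alone or 'host user' (exact match)."""
    for line in text.splitlines():
        fields = line.split()
        if fields and fields[0].lower() == host and fields[1:] in ([], [user]):
            return True
    return False

def hostbased_gaps(name, user, known_hosts, shosts):
    """Files that do not cover `name`, the client name sshd looks up."""
    name = name.rstrip(".").lower()  # sshd strips the trailing dot from chost
    gaps = []
    if name not in known_hosts_names(known_hosts):
        gaps.append("ssh_known_hosts")
    if not shosts_allows(shosts, name, user):
        gaps.append(".shosts")
    return gaps

# Constructed sample input, built from the values quoted in the thread.
SSHD_CONFIG = ("HostbasedAuthentication yes\nIgnoreRhosts no\n"
               "PreferredAuthentications hostbased,keyboard-interactive,password,publickey\n")
KNOWN_HOSTS = "client ssh-rsa AAAAB3Nz.....\n"
SHOSTS = "client.domain mahmood\n"
print(misplaced_in_sshd_config(SSHD_CONFIG))
print(hostbased_gaps("client.", "mahmood", KNOWN_HOSTS, SHOSTS))
print(hostbased_gaps("client.domain", "mahmood", KNOWN_HOSTS, SHOSTS))
```

With the thread's values, the name `client` is missing from `.shosts` and `client.domain` is missing from `ssh_known_hosts`, so neither name passes both checks.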