This is what I get

mahmood@server:~$ sudo /usr/sbin/sshd -ddd
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 686
debug2: parse_server_config: config /etc/ssh/sshd_config len 686
debug3: /etc/ssh/sshd_config:5 setting Port 22
debug3: /etc/ssh/sshd_config:9 setting Protocol 2
debug3: /etc/ssh/sshd_config:11 setting HostKey /etc/ssh/ssh_host_rsa_key
debug3: /etc/ssh/sshd_config:12 setting HostKey /etc/ssh/ssh_host_dsa_key
debug3: /etc/ssh/sshd_config:14 setting UsePrivilegeSeparation yes
debug3: /etc/ssh/sshd_config:17 setting KeyRegenerationInterval 3600
debug3: /etc/ssh/sshd_config:18 setting ServerKeyBits 768
debug3: /etc/ssh/sshd_config:20 setting UseDns no
debug3: /etc/ssh/sshd_config:21 setting VerifyReverseMapping No
/etc/ssh/sshd_config line 21: Deprecated option VerifyReverseMapping
debug3: /etc/ssh/sshd_config:24 setting SyslogFacility AUTH
debug3: /etc/ssh/sshd_config:25 setting LogLevel INFO
debug3: /etc/ssh/sshd_config:28 setting LoginGraceTime 120
debug3: /etc/ssh/sshd_config:29 setting PermitRootLogin yes
debug3: /etc/ssh/sshd_config:30 setting StrictModes yes
debug3: /etc/ssh/sshd_config:32 setting RSAAuthentication yes
debug3: /etc/ssh/sshd_config:33 setting PubkeyAuthentication yes
debug3: /etc/ssh/sshd_config:37 setting IgnoreRhosts no
debug3: /etc/ssh/sshd_config:39 setting RhostsRSAAuthentication no
debug3: /etc/ssh/sshd_config:41 setting HostbasedAuthentication yes
debug3: /etc/ssh/sshd_config:49 setting PermitEmptyPasswords no
debug3: /etc/ssh/sshd_config:53 setting ChallengeResponseAuthentication no
debug3: /etc/ssh/sshd_config:68 setting X11Forwarding yes
debug3: /etc/ssh/sshd_config:69 setting X11DisplayOffset 10
debug3: /etc/ssh/sshd_config:70 setting PrintMotd no
debug3: /etc/ssh/sshd_config:71 setting PrintLastLog yes
debug3: /etc/ssh/sshd_config:72 setting TCPKeepAlive yes
debug3: /etc/ssh/sshd_config:79 setting AcceptEnv LANG LC_*
debug3: /etc/ssh/sshd_config:81 setting Subsystem sftp /usr/lib/openssh/sftp-server
debug3: /etc/ssh/sshd_config:92 setting UsePAM yes
debug1: sshd version OpenSSH_5.3p1 Debian-3ubuntu4
debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: private host key: #0 type 1 RSA
debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-ddd'
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Bind to port 22 on 0.0.0.0 failed: Address already in use.
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 22 on ::.
Bind to port 22 on :: failed: Address already in use.
Cannot bind any address.
mahmood@server:~$

// Naderan *Mahmood;

----- Original Message -----
From: Sharad <sharad2011@xxxxxxxxx>
To: Mahmood Naderan <nt_mahmood@xxxxxxxxx>
Cc: secureshell@xxxxxxxxxxxxxxxxx
Sent: Friday, April 29, 2011 1:04 PM
Subject: Re: problem with HostbasedAuthentication

Use the absolute path of sshd as follows:

sudo /etc/ssh/sbin/sshd -ddd

Please ensure that the path is correct. I don't know if ur sshd exists in /etc/ssh/sbin/sshd.

Regards,
sharad
--- On Fri, 29/4/11, Mahmood Naderan <nt_mahmood@xxxxxxxxx> wrote:

> From: Mahmood Naderan <nt_mahmood@xxxxxxxxx>
> Subject: Re: problem with HostbasedAuthentication
> To: "Sharad" <sharad2011@xxxxxxxxx>
> Cc: "secureshell@xxxxxxxxxxxxxxxxx" <secureshell@xxxxxxxxxxxxxxxxx>
> Date: Friday, 29 April, 2011, 12:34 PM
> Sorry what do you mean?
>
> mahmood@server:~$ sudo sshd -d
> sshd re-exec requires execution with an absolute path
> mahmood@server:~$ sudo sshd -d 3
> sshd re-exec requires execution with an absolute path
> mahmood@server:~$ sudo sshd -ddd
> sshd re-exec requires execution with an absolute path
>
> My last post was the debug information for server->client.
>
> // Naderan *Mahmood;
>
>
> ----- Original Message -----
> From: Sharad <sharad2011@xxxxxxxxx>
> To: Mahmood Naderan <nt_mahmood@xxxxxxxxx>
> Cc: "secureshell@xxxxxxxxxxxxxxxxx" <secureshell@xxxxxxxxxxxxxxxxx>
> Sent: Friday, April 29, 2011 11:31 AM
> Subject: Re: problem with HostbasedAuthentication
>
> Can you run debug on server as well using sshd -d. More -d's mean more debug information (you can use at the max 3 d's) :D
>
> Regards,
> Sharad
> --- On Fri, 29/4/11, Mahmood Naderan <nt_mahmood@xxxxxxxxx> wrote:
>
> > From: Mahmood Naderan <nt_mahmood@xxxxxxxxx>
> > Subject: Re: problem with HostbasedAuthentication
> > To: "Sharad" <sharad2011@xxxxxxxxx>
> > Cc: "secureshell@xxxxxxxxxxxxxxxxx" <secureshell@xxxxxxxxxxxxxxxxx>
> > Date: Friday, 29 April, 2011, 12:23 PM
> > The same thing happens with IP address
> >
> >
> > mahmood@server:~$ ssh -vvv 192.168.1.3
> > OpenSSH_5.3p1 Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009
> > debug1: Reading configuration data /etc/ssh/ssh_config
> > debug1: Applying options for *
> > debug2: ssh_connect: needpriv 0
> > debug1: Connecting to 192.168.1.3 [192.168.1.3] port 22.
> > debug1: Connection established.
> > debug1: identity file /home/mahmood/.ssh/identity type -1
> > debug1: identity file /home/mahmood/.ssh/id_rsa type -1
> > debug1: identity file /home/mahmood/.ssh/id_dsa type -1
> > debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3p1 Debian-3ubuntu6
> > debug1: match: OpenSSH_5.3p1 Debian-3ubuntu6 pat OpenSSH*
> > debug1: Enabling compatibility mode for protocol 2.0
> > debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu4
> > debug2: fd 3 setting O_NONBLOCK
> > debug1: SSH2_MSG_KEXINIT sent
> > debug3: Wrote 792 bytes for a total of 831
> > debug1: SSH2_MSG_KEXINIT received
> > debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> > debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
> > debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
> > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
> > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
> > debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib
> > debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib
> > debug2: kex_parse_kexinit:
> > debug2: kex_parse_kexinit:
> > debug2: kex_parse_kexinit: first_kex_follows 0
> > debug2: kex_parse_kexinit: reserved 0
> > debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> > debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
> > debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
> > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
> > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
> > debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx
> > debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx
> > debug2: kex_parse_kexinit:
> > debug2: kex_parse_kexinit:
> > debug2: kex_parse_kexinit: first_kex_follows 0
> > debug2: kex_parse_kexinit: reserved 0
> > debug2: mac_setup: found hmac-md5
> > debug1: kex: server->client aes128-ctr hmac-md5 none
> > debug2: mac_setup: found hmac-md5
> > debug1: kex: client->server aes128-ctr hmac-md5 none
> > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> > debug3: Wrote 24 bytes for a total of 855
> > debug2: dh_gen_key: priv key bits set: 129/256
> > debug2: bits set: 505/1024
> > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> > debug3: Wrote 144 bytes for a total of 999
> > debug3: check_host_in_hostfile: filename /home/mahmood/.ssh/known_hosts
> > debug3: check_host_in_hostfile: match line 1
> > debug1: Host '192.168.1.3' is known and matches the RSA host key.
> > debug1: Found key in /home/mahmood/.ssh/known_hosts:1
> > debug2: bits set: 517/1024
> > debug1: ssh_rsa_verify: signature correct
> > debug2: kex_derive_keys
> > debug2: set_newkeys: mode 1
> > debug1: SSH2_MSG_NEWKEYS sent
> > debug1: expecting SSH2_MSG_NEWKEYS
> > debug3: Wrote 16 bytes for a total of 1015
> > debug2: set_newkeys: mode 0
> > debug1: SSH2_MSG_NEWKEYS received
> > debug1: SSH2_MSG_SERVICE_REQUEST sent
> > debug3: Wrote 48 bytes for a total of 1063
> > debug2: service_accept: ssh-userauth
> > debug1: SSH2_MSG_SERVICE_ACCEPT received
> > debug2: key: /home/mahmood/.ssh/identity ((nil))
> > debug2: key: /home/mahmood/.ssh/id_rsa ((nil))
> > debug2: key: /home/mahmood/.ssh/id_dsa ((nil))
> > debug3: Wrote 64 bytes for a total of 1127
> > debug1: Authentications that can continue: publickey,password,hostbased
> > debug3: start over, passed a different list publickey,password,hostbased
> > debug3: preferred gssapi-keyex,gssapi-with-mic,gssapi,hostbased,publickey,keyboard-interactive,password
> > debug3: authmethod_lookup hostbased
> > debug3: remaining preferred: publickey,keyboard-interactive,password
> > debug3: authmethod_is_enabled hostbased
> > debug1: Next authentication method: hostbased
> > get_socket_address: getnameinfo 8 failed: Name or service not known
> > debug2: userauth_hostbased: chost server.
> > debug2: ssh_keysign called
> > debug3: ssh_msg_send: type 2
> > debug3: ssh_msg_recv entering
> > debug1: permanently_drop_suid: 1000
> > get_socket_address: getnameinfo 8 failed: Name or service not known
> > cannot get sockname for fd
> > ssh_keysign: no reply
> > key_sign failed
> > debug2: we did not send a packet, disable method
> > debug3: authmethod_lookup publickey
> > debug3: remaining preferred: keyboard-interactive,password
> > debug3: authmethod_is_enabled publickey
> > debug1: Next authentication method: publickey
> > debug1: Trying private key: /home/mahmood/.ssh/identity
> > debug3: no such identity: /home/mahmood/.ssh/identity
> > debug1: Trying private key: /home/mahmood/.ssh/id_rsa
> > debug3: no such identity: /home/mahmood/.ssh/id_rsa
> > debug1: Trying private key: /home/mahmood/.ssh/id_dsa
> > debug3: no such identity: /home/mahmood/.ssh/id_dsa
> > debug2: we did not send a packet, disable method
> > debug3: authmethod_lookup password
> > debug3: remaining preferred: ,password
> > debug3: authmethod_is_enabled password
> > debug1: Next authentication method: password
> > mahmood@xxxxxxxxxxx's password:
> >
> >
> > // Naderan *Mahmood;
> >
> >
> > ----- Original Message -----
> > From: Sharad <sharad2011@xxxxxxxxx>
> > To: Mahmood Naderan <nt_mahmood@xxxxxxxxx>
> > Cc: "secureshell@xxxxxxxxxxxxxxxxx" <secureshell@xxxxxxxxxxxxxxxxx>
> > Sent: Friday, April 29, 2011 11:19 AM
> > Subject: Re: problem with HostbasedAuthentication
> >
> > Hi Mahmood,
> >
> > This line looks out of place. Check that host name is getting resolved:
> >
> > get_socket_address: getnameinfo 8 failed: Name or service not known
> >
> > I am sure you would have performed the same steps on both hosts. Try establishing connection with IP Address instead of hostname.
> >
> > Regards,
> > Sharad
> > --- On Thu, 28/4/11, Mahmood Naderan <nt_mahmood@xxxxxxxxx> wrote:
> >
> > > From: Mahmood Naderan <nt_mahmood@xxxxxxxxx>
> > > Subject: Re: problem with HostbasedAuthentication
> > > To: "Sharad" <sharad2011@xxxxxxxxx>
> > > Cc: "secureshell@xxxxxxxxxxxxxxxxx" <secureshell@xxxxxxxxxxxxxxxxx>
> > > Date: Thursday, 28 April, 2011, 11:12 PM
> > > Dear Sharad,
> > > I am now trying to setup a hostbased ssh from server to client (previously client->server worked fine based on your help). I want it to be bidirectional.
> > >
> > > I did the same thing in reverse (now the client becomes server and the server becomes client). However this is what I get while trying to ssh from server to client:
> > >
> > >
> > > debug3: Wrote 48 bytes for a total of 1063
> > > debug2: service_accept: ssh-userauth
> > > debug1: SSH2_MSG_SERVICE_ACCEPT received
> > > debug2: key: /home/mahmood/.ssh/identity ((nil))
> > > debug2: key: /home/mahmood/.ssh/id_rsa ((nil))
> > > debug2: key: /home/mahmood/.ssh/id_dsa ((nil))
> > > debug3: Wrote 64 bytes for a total of 1127
> > > debug1: Authentications that can continue: publickey,password,hostbased
> > > debug3: start over, passed a different list publickey,password,hostbased
> > > debug3: preferred gssapi-keyex,gssapi-with-mic,gssapi,hostbased,publickey,keyboard-interactive,password
> > > debug3: authmethod_lookup hostbased
> > > debug3: remaining preferred: publickey,keyboard-interactive,password
> > > debug3: authmethod_is_enabled hostbased
> > > debug1: Next authentication method: hostbased
> > > get_socket_address: getnameinfo 8 failed: Name or service not known
> > > debug2: userauth_hostbased: chost server.
> > > debug2: ssh_keysign called
> > > debug3: ssh_msg_send: type 2
> > > debug3: ssh_msg_recv entering
> > > debug1: permanently_drop_suid: 1000
> > > get_socket_address: getnameinfo 8 failed: Name or service not known
> > > cannot get sockname for fd
> > > ssh_keysign: no reply
> > > key_sign failed
> > > debug2: we did not send a packet, disable method
> > > debug3: authmethod_lookup publickey
> > > debug3: remaining preferred: keyboard-interactive,password
> > > debug3: authmethod_is_enabled publickey
> > > debug1: Next authentication method: publickey
> > > debug1: Trying private key: /home/mahmood/.ssh/identity
> > > debug3: no such identity: /home/mahmood/.ssh/identity
> > > debug1: Trying private key: /home/mahmood/.ssh/id_rsa
> > > debug3: no such identity: /home/mahmood/.ssh/id_rsa
> > > debug1: Trying private key: /home/mahmood/.ssh/id_dsa
> > > debug3: no such identity: /home/mahmood/.ssh/id_dsa
> > > debug2: we did not send a packet, disable method
> > > debug3: authmethod_lookup password
> > > debug3: remaining preferred: ,password
> > > debug3: authmethod_is_enabled password
> > > debug1: Next authentication method: password
> > > mahmood@xxxxxxxxxxx's password:
> > >
> > >
> > > What is your suggestion?
> > >
> > > // Naderan *Mahmood;
> > >
> > >
> > > ----- Original Message -----
> > > From: Sharad <sharad2011@xxxxxxxxx>
> > > To: Mahmood Naderan <nt_mahmood@xxxxxxxxx>
> > > Cc: "secureshell@xxxxxxxxxxxxxxxxx" <secureshell@xxxxxxxxxxxxxxxxx>
> > > Sent: Thursday, April 28, 2011 5:20 PM
> > > Subject: Re: problem with HostbasedAuthentication
> > >
> > > Mahmood,
> > >
> > > The files are /home/username/.ssh/known_hosts on both server and client.
> > >
> > > By FQDN, I meant host's fully qualified domain name.
> > >
> > > Following is the example:
> > >
> > > Assuming both client and server are linux hosts:
> > >
> > > Server IP: 192.168.1.1
> > > Client IP: 192.168.1.101
> > >
> > > Server Name: lnx_srvr_1.domain.com
> > > Client Name: lnx_clnt_101.domain.com
> > >
> > > User name on each host is mahmood.
> > >
> > > Following would be the entries in .shosts on lnx_srvr_1
> > >
> > >
> > > lnx_srvr_1:/home/mahmood $ cat .shosts
> > >
> > > lnx_clnt_101.domain.com mahmood
> > > 192.168.1.101 mahmood
> > > lnx_clnt_101 mahmood
> > >
> > > Following should exist in /home/mahmood/.ssh/known_hosts file on the server side:
> > > 192.168.1.101,lnx_clnt_101,lnx_clnt_101.domain.com ssh-rsa AAAAB3Nz...
> > >
> > > Following should also exist in /home/mahmood/.ssh/known_hosts file on the client side:
> > > 192.168.1.1,lnx_srvr_1,lnx_srvr_1.domain.com ssh-rsa AAAAB3Nz...
> > >
> > > Ensure that .ssh directory on both client and server are rwx for owner only and group/rest of world is 000.
> > >
> > > Hope this helps! Good Luck! :)
> > >
> > > Regards,
> > > Sharad
> > > --- On Thu, 28/4/11, Mahmood Naderan <nt_mahmood@xxxxxxxxx> wrote:
> > >
> > > > From: Mahmood Naderan <nt_mahmood@xxxxxxxxx>
> > > > Subject: Re: problem with HostbasedAuthentication
> > > > To: "Sharad" <sharad2011@xxxxxxxxx>
> > > > Cc: "secureshell@xxxxxxxxxxxxxxxxx" <secureshell@xxxxxxxxxxxxxxxxx>
> > > > Date: Thursday, 28 April, 2011, 3:54 PM
> > > > Can you explain exactly which file I should edit? What is FQDN? By 'hostname', Do you mean server hostname of client hostname.
> > > > Should I do that on both side or server side?...
> > > >
> > > > // Naderan *Mahmood;
> > > >
> > > >
> > > > ----- Original Message -----
> > > > From: Sharad <sharad2011@xxxxxxxxx>
> > > > To: Mahmood Naderan <nt_mahmood@xxxxxxxxx>; Asif Iqbal <vadud3@xxxxxxxxx>
> > > > Cc: "secureshell@xxxxxxxxxxxxxxxxx" <secureshell@xxxxxxxxxxxxxxxxx>
> > > > Sent: Thursday, April 28, 2011 1:16 PM
> > > > Subject: Re: problem with HostbasedAuthentication
> > > >
> > > > Sometimes the issue lies with hostname as well. What I mean with that is the known_hosts may have just the host name whereas when the connection is established, the debug shows the FQDN. I faced this issue so to be sure, I edited the known_hosts file and inserted the hostname, hostname's FQDN and its IP address (all comma separated).
> > > >
> > > > Also ensure that you both the hosts' known_hosts files have opposite servers names (as prescribed above).
> > > >
> > > > All the above checks makes it work for me.
> > > >
> > > > Hope this solves.
> > > >
> > > > Kind regards,
> > > > Sharad
> > > > --- On Thu, 28/4/11, Asif Iqbal <vadud3@xxxxxxxxx> wrote:
> > > >
> > > > > From: Asif Iqbal <vadud3@xxxxxxxxx>
> > > > > Subject: Re: problem with HostbasedAuthentication
> > > > > To: "Mahmood Naderan" <nt_mahmood@xxxxxxxxx>
> > > > > Cc: "secureshell@xxxxxxxxxxxxxxxxx" <secureshell@xxxxxxxxxxxxxxxxx>
> > > > > Date: Thursday, 28 April, 2011, 12:38 AM
> > > > > On Wed, Apr 27, 2011 at 1:12 AM, Mahmood Naderan <nt_mahmood@xxxxxxxxx> wrote:
> > > > > >>Change the order method. Have hostbased before password
> > > > > >
> > > > > > Sorry where should I do that?
> > > > >
> > > > > man ssh_config and look into PreferredAuthentications
> > > > >
> > > > > >
> > > > > > // Naderan *Mahmood;
> > > > > >
> > > > > > From: Asif Iqbal <vadud3@xxxxxxxxx>
> > > > > > To: Mahmood Naderan <nt_mahmood@xxxxxxxxx>
> > > > > > Cc: "secureshell@xxxxxxxxxxxxxxxxx" <secureshell@xxxxxxxxxxxxxxxxx>
> > > > > > Sent: Wednesday, April 27, 2011 9:17 AM
> > > > > > Subject: Re: problem with HostbasedAuthentication
> > > > > >
> > > > > >
> > > > > > Change the order method. Have hostbased before password
> > > > > > On Apr 26, 2011 11:52 PM, "Mahmood Naderan" <nt_mahmood@xxxxxxxxx> wrote:
> > > > > >>
> > > > > >>
> > > > > >> Hi,
> > > > > >> I am trying to setup a hostbased passwordless ssh from a client to a server using this guide http://www.ehow.com/how_7621307_set-up-hostbased-authentication.html.
> > > > > >>
> > > > > >> The client looks like:
> > > > > >>
> > > > > >> mahmood@client:~$ cat /etc/ssh/ssh_config | grep "HostbasedAuthentication"
> > > > > >> HostbasedAuthentication yes
> > > > > >> mahmood@client:~$ cat /etc/ssh/ssh_config | grep "EnableSSHKeysign"
> > > > > >> EnableSSHKeysign yes
> > > > > >>
> > > > > >>
> > > > > >> and the server looks like:
> > > > > >> mahmood@server:~$ cat /etc/ssh/sshd_config | grep "HostbasedAuthentication"
> > > > > >> HostbasedAuthentication yes
> > > > > >> mahmood@server:~$ cat /etc/ssh/sshd_config | grep "IgnoreRhosts"
> > > > > >> IgnoreRhosts no
> > > > > >>
> > > > > >> also the server has the key for client:
> > > > > >>
> > > > > >> mahmood@server:~$ cat /etc/ssh/ssh_known_hosts
> > > > > >> client ssh-rsa AAAAB3Nz.....
> > > > > >>
> > > > > >> the ~/.shosts file on the server contains:
> > > > > >> mahmood@server:~$ cat .shosts
> > > > > >> client.domain mahmood
> > > > > >>
> > > > > >> Then on both server and client, the ssh service is restarted:
> > > > > >> mahmood@client:~$ sudo service ssh restart
> > > > > >> ssh start/running, process 1355
> > > > > >> mahmood@server:~$ sudo service ssh restart
> > > > > >> ssh start/running, process 28982
> > > > > >>
> > > > > >> How, when I run "ssh -vvv server" from client (to show the verbose messages), I still get the password prompt.
> > > > > >>
> > > > > >> mahmood@client:~$ ssh -vvv server
> > > > > >> OpenSSH_5.3p1 Debian-3ubuntu6, OpenSSL 0.9.8k 25 Mar 2009
> > > > > >> debug1: Reading configuration data /etc/ssh/ssh_config
> > > > > >> debug1: Applying options for *
> > > > > >> debug2: ssh_connect: needpriv 0
> > > > > >> debug1: Connecting to server [192.168.1.1] port 22.
> > > > > >> debug1: Connection established.
> > > > > >> debug1: identity file /home/mahmood/.ssh/identity type -1
> > > > > >> debug1: identity file /home/mahmood/.ssh/id_rsa type -1
> > > > > >> debug1: identity file /home/mahmood/.ssh/id_dsa type -1
> > > > > >> debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3p1 Debian-3ubuntu4
> > > > > >> debug1: match: OpenSSH_5.3p1 Debian-3ubuntu4 pat OpenSSH*
> > > > > >> debug1: Enabling compatibility mode for protocol 2.0
> > > > > >> debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu6
> > > > > >> debug2: fd 3 setting O_NONBLOCK
> > > > > >> debug1: SSH2_MSG_KEXINIT sent
> > > > > >> debug3: Wrote 792 bytes for a total of 831
> > > > > >> debug1: SSH2_MSG_KEXINIT received
> > > > > >> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> > > > > >> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> > > > > >> debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
> > > > > >> debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
> > > > > >> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
> > > > > >> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
> > > > > >> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib
> > > > > >> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib
> > > > > >> debug2: kex_parse_kexinit:
> > > > > >> debug2: kex_parse_kexinit:
> > > > > >> debug2: kex_parse_kexinit: first_kex_follows 0
> > > > > >> debug2: kex_parse_kexinit: reserved 0
> > > > > >> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> > > > > >> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> > > > > >> debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
> > > > > >> debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
> > > > > >> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
> > > > > >> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
> > > > > >> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx
> > > > > >> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx
> > > > > >> debug2: kex_parse_kexinit:
> > > > > >> debug2: kex_parse_kexinit:
> > > > > >> debug2: kex_parse_kexinit: first_kex_follows 0
> > > > > >> debug2: kex_parse_kexinit: reserved 0
> > > > > >> debug2: mac_setup: found hmac-md5
> > > > > >> debug1: kex: server->client aes128-ctr hmac-md5 none
> > > > > >> debug2: mac_setup: found hmac-md5
> > > > > >> debug1: kex: client->server aes128-ctr hmac-md5 none
> > > > > >> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> > > > > >> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> > > > > >> debug3: Wrote 24 bytes for a total of 855
> > > > > >> debug2: dh_gen_key: priv key bits set: 124/256
> > > > > >> debug2: bits set: 507/1024
> > > > > >> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> > > > > >> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> > > > > >> debug3: Wrote 144 bytes for a total of 999
> > > > > >> debug3: check_host_in_hostfile: filename /home/mahmood/.ssh/known_hosts
> > > > > >> debug3: check_host_in_hostfile: match line 1
> > > > > >> debug3: check_host_in_hostfile: filename /home/mahmood/.ssh/known_hosts
> > > > > >> debug3: check_host_in_hostfile: match line 2
> > > > > >> debug1: Host 'server' is known and matches the RSA host key.
> > > > > >> debug1: Found key in /home/mahmood/.ssh/known_hosts:1
> > > > > >> debug2: bits set: 503/1024
> > > > > >> debug1: ssh_rsa_verify: signature correct
> > > > > >> debug2: kex_derive_keys
> > > > > >> debug2: set_newkeys: mode 1
> > > > > >> debug1: SSH2_MSG_NEWKEYS sent
> > > > > >> debug1: expecting SSH2_MSG_NEWKEYS
> > > > > >> debug3: Wrote 16 bytes for a total of 1015
> > > > > >> debug2: set_newkeys: mode 0
> > > > > >> debug1: SSH2_MSG_NEWKEYS received
> > > > > >> debug1: SSH2_MSG_SERVICE_REQUEST sent
> > > > > >> debug3: Wrote 48 bytes for a total of 1063
> > > > > >> debug2: service_accept: ssh-userauth
> > > > > >> debug1: SSH2_MSG_SERVICE_ACCEPT received
> > > > > >> debug2: key: /home/mahmood/.ssh/identity ((nil))
> > > > > >> debug2: key: /home/mahmood/.ssh/id_rsa ((nil))
> > > > > >> debug2: key: /home/mahmood/.ssh/id_dsa ((nil))
> > > > > >> debug3: Wrote 64 bytes for a total of 1127
> > > > > >> debug1: Authentications that can continue: publickey,password,hostbased
> > > > > >> debug3: start over, passed a different list publickey,password,hostbased
> > > > > >> debug3: preferred gssapi-keyex,gssapi-with-mic,gssapi,hostbased,publickey,keyboard-interactive,password
> > > > > >> debug3: authmethod_lookup hostbased
> > > > > >> debug3: remaining preferred: publickey,keyboard-interactive,password
> > > > > >> debug3: authmethod_is_enabled hostbased
> > > > > >> debug1: Next authentication method: hostbased
> > > > > >> debug2: userauth_hostbased: chost client.
> > > > > >> debug2: ssh_keysign called
> > > > > >> debug3: ssh_msg_send: type 2
> > > > > >> debug3: ssh_msg_recv entering
> > > > > >> debug1: permanently_drop_suid: 1000
> > > > > >> debug2: we sent a hostbased packet, wait for reply
> > > > > >> debug3: Wrote 608 bytes for a total of 1735
> > > > > >> debug1: Authentications that can continue: publickey,password,hostbased
> > > > > >> debug2: userauth_hostbased: chost client.
> > > > > >> debug2: ssh_keysign called
> > > > > >> debug3: ssh_msg_send: type 2
> > > > > >> debug3: ssh_msg_recv entering
> > > > > >> debug1: permanently_drop_suid: 1000
> > > > > >> debug2: we sent a hostbased packet, wait for reply
> > > > > >> debug3: Wrote 672 bytes for a total of 2407
> > > > > >> debug1: Authentications that can continue: publickey,password,hostbased
> > > > > >> debug1: No more client hostkeys for hostbased authentication.
> > > > > >> debug2: we did not send a packet, disable method
> > > > > >> debug3: authmethod_lookup publickey
> > > > > >> debug3: remaining preferred: keyboard-interactive,password
> > > > > >> debug3: authmethod_is_enabled publickey
> > > > > >> debug1: Next authentication method: publickey
> > > > > >> debug1: Trying private key: /home/mahmood/.ssh/identity
> > > > > >> debug3: no such identity: /home/mahmood/.ssh/identity
> > > > > >> debug1: Trying private key: /home/mahmood/.ssh/id_rsa
> > > > > >> debug3: no such identity: /home/mahmood/.ssh/id_rsa
> > > > > >> debug1: Trying private key: /home/mahmood/.ssh/id_dsa
> > > > > >> debug3: no such identity: /home/mahmood/.ssh/id_dsa
> > > > > >> debug2: we did not send a packet, disable method
> > > > > >> debug3: authmethod_lookup password
> > > > > >> debug3: remaining preferred: ,password
> > > > > >> debug3: authmethod_is_enabled password
> > > > > >> debug1: Next authentication method: password
> > > > > >> mahmood@server's password:
> > > > > >>
> > > > > >>
> > > > > >> Any idea about that?
> > > > > >>
> > > > > >> // Naderan *Mahmood;
> > > > > >>
> > > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Asif Iqbal
> > > > > PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
> > > > > A: Because it messes up the order in which people normally read text.
> > > > > Q: Why is top-posting such a bad thing?
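
The name-coverage advice in the quoted replies (list the short name, the FQDN and the IP address of the peer in known_hosts and .shosts, and keep ~/.ssh at rwx for the owner only), as an added Python check that is not part of the original thread. The function names and sample file contents are constructed for illustration, the key blob is the thread's own elided placeholder, and hashed known_hosts entries are only counted, not matched.

```python
import os
import stat

# Constructed sample data modelled on the example hosts in the thread.
# "AAAAB3Nz..." is the thread's elided placeholder, not a real key.
CLIENT_NAMES = {"lnx_clnt_101", "lnx_clnt_101.domain.com", "192.168.1.101"}
SHORT_NAME_ONLY = "lnx_clnt_101 ssh-rsa AAAAB3Nz...\n"
ALL_NAMES = "192.168.1.101,lnx_clnt_101,lnx_clnt_101.domain.com ssh-rsa AAAAB3Nz...\n"
SERVER_SHOSTS = (
    "lnx_clnt_101.domain.com mahmood\n"
    "192.168.1.101 mahmood\n"
    "lnx_clnt_101 mahmood\n"
)


def known_hosts_names(text):
    """Return ({(keytype, blob): {names}}, hashed_count) for a known_hosts file."""
    names_by_key, hashed = {}, 0
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):        # @cert-authority / @revoked marker
            fields = fields[1:]
        if len(fields) < 3:
            continue                          # malformed entry
        hosts, keytype, blob = fields[:3]
        if hosts.startswith("|1|"):           # hashed entry: names cannot be read back
            hashed += 1
            continue
        names = {h.lower() for h in hosts.split(",")}
        names_by_key.setdefault((keytype, blob), set()).update(names)
    return names_by_key, hashed


def missing_known_hosts_names(text, required):
    """Names from `required` absent from the entry that covers most of them."""
    required = {n.lower() for n in required}
    names_by_key, _ = known_hosts_names(text)
    best = set()
    for names in names_by_key.values():
        if len(names & required) > len(best & required):
            best = names
    return sorted(required - best)


def shosts_missing_names(text, required, remote_user, local_user):
    """Names from `required` that .shosts does not list for remote_user."""
    allowed = set()
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0][0] in "#+-" or len(fields) > 2:
            continue      # comments, netgroup/wildcard/negated lines: not evaluated
        # A line with only a host name applies to the same user name on both ends.
        user = fields[1] if len(fields) == 2 else local_user
        if user == remote_user:
            allowed.add(fields[0].lower())
    return sorted({n.lower() for n in required} - allowed)


def ssh_dir_is_private(path):
    """True when the directory mode is exactly rwx for the owner (0700)."""
    return stat.S_IMODE(os.stat(path).st_mode) == 0o700


if __name__ == "__main__":
    for label, text in (("short name only", SHORT_NAME_ONLY), ("all names", ALL_NAMES)):
        print(label, "-> missing from known_hosts:",
              missing_known_hosts_names(text, CLIENT_NAMES))
    print("missing from .shosts:",
          shosts_missing_names(SERVER_SHOSTS, CLIENT_NAMES, "mahmood", "mahmood"))
    ssh_dir = os.path.expanduser("~/.ssh")
    if os.path.isdir(ssh_dir):
        print(ssh_dir, "private:", ssh_dir_is_private(ssh_dir))
```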