Bug 142255 - Hostbased Auth with /etc/ssh/shosts.equiv
Product: Red Hat Enterprise Linux 2.1
Classification: Red Hat
Component: openssh
i386 Linux
Priority: medium, Severity: high
Assigned To: Tomas Mraz
Brian Brock
Reported: 2004-12-08 11:27 EST by Oli Kessler
Modified: 2007-11-30 17:06 EST

Doc Type: Bug Fix
Last Closed: 2005-02-10 04:46:27 EST

Attachments
SSH server Log (DEBUG mode) (2.03 KB, text/plain)
2004-12-08 11:29 EST, Oli Kessler
Description Oli Kessler 2004-12-08 11:27:27 EST
Enabling HostbasedAuthentication while using the file
/etc/ssh/shosts.equiv does not work:

Server Settings in /etc/ssh/sshd_config

Port 22
Protocol 2
SyslogFacility AUTHPRIV
X11Forwarding yes
AllowUsers root oracle
AllowTcpForwarding yes
HostKey /etc/ssh/ssh_host_dsa_key
HostbasedAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsAuthentication no
ChallengeResponseAuthentication no
Ciphers aes128-cbc,aes192-cbc,blowfish-cbc,aes256-cbc,3des-cbc
GatewayPorts yes
KeyRegenerationInterval 3600
KeepAlive yes
LogLevel DEBUG
LoginGraceTime 120
MaxStartups 10:30:60
PasswordAuthentication yes
PermitEmptyPasswords no
PermitRootLogin yes

File /etc/ssh/shosts.equiv

All host-keys are known (server and client) and verified.

The client (testhost2) uses the same openssh version and is 2.1ES as
well. While connecting I get the server log as attached.

The file /etc/ssh/shosts.equiv seems not to be considered at all.

Version-Release number of selected component (if applicable):
openssh-server-3.1p1-15, openssh-clients-3.1p1-15

How reproducible:

Steps to Reproduce:
1. Configure sshd_config as above
2. Create the file /etc/ssh/shosts.equiv
3. Try hostbased authentication

Actual Results:  hostbased authentication does not work

Expected Results:  hostbased authentication works

Additional info:

openssh delivered with 2.1ES seems to be rather old anyway and lacks
lots of features seen in newer versions (privilege separation, ...)
Comment 1 Oli Kessler 2004-12-08 11:29:24 EST
Created attachment 108121
SSH server Log (DEBUG mode)

as mentioned above
Comment 2 Nalin Dahyabhai 2004-12-08 12:25:54 EST
RHosts authentication is hard-coded to be disallowed for the root
user.  Can you verify that it works if you attempt to log in as an
unprivileged user?
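
The interaction raised in Comment 2, applied to the sshd_config from the description, as an added example that is not part of the original thread and is not OpenSSH code. It models sshd's rule that the system-wide equiv files are skipped for the superuser, so root can only be trusted through ~/.rhosts or ~/.shosts, which IgnoreRhosts yes turns off; the function names are hypothetical and matching the account name "root" stands in for sshd's uid 0 check.

```python
# Constructed excerpt of the sshd_config quoted in the bug description.
REPORTED_CONFIG = """\
Protocol 2
AllowUsers root oracle
HostbasedAuthentication yes
IgnoreRhosts yes
RhostsAuthentication no
PermitRootLogin yes
"""

def parse_sshd_config(text):
    """Return {lowercased keyword: value}; the first occurrence wins, as in sshd."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        opts.setdefault(parts[0].lower(), parts[1].strip() if len(parts) > 1 else "")
    return opts

def hostbased_sources(opts, user):
    """List the trust files that can authorise a hostbased login for `user`."""
    if opts.get("hostbasedauthentication", "no").lower() != "yes":
        return []
    sources = []
    # Assumption: "root" is the only uid 0 account. sshd itself tests the uid
    # and skips both system-wide files for the superuser.
    if user != "root":
        sources += ["/etc/hosts.equiv", "/etc/ssh/shosts.equiv"]
    # Per-user files are consulted only when IgnoreRhosts is "no" (default: yes).
    if opts.get("ignorerhosts", "yes").lower() != "yes":
        sources += ["~/.rhosts", "~/.shosts"]
    return sources

def audit(text):
    """Map every account named in AllowUsers to its usable trust files."""
    opts = parse_sshd_config(text)
    return {u: hostbased_sources(opts, u) for u in opts.get("allowusers", "").split()}

if __name__ == "__main__":
    for user, files in audit(REPORTED_CONFIG).items():
        print(user, "->", ", ".join(files) or "no hostbased trust source applies")
```

An empty list for root means no setting in that file can make /etc/ssh/shosts.equiv apply to root logins.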
Comment 3 Oli Kessler 2004-12-13 09:01:59 EST
I disabled RhostsAuthentication on purpose - I want
HostbasedAuthentication to work with protocol version 2 only and do
not see any connection between the two items.

The goal is to avoid the rhosts stuff and use openssh's own
configuration file /etc/shosts.equiv. Unprivileged users will not help
me either; I need these settings for administration purposes.

Isn't it possible to circumvent the .rhosts files? 
Comment 4 Tomas Mraz 2005-02-10 04:46:27 EST
Why not use su or sudo on a special account created for this?
