Bug 142255 - Hostbased Auth with /etc/ssh/shosts.equiv
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 2.1
Classification: Red Hat
Component: openssh
Version: 2.1
Hardware: i386
OS: Linux
medium
high
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Brian Brock
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2004-12-08 16:27 UTC by Oli Kessler
Modified: 2007-11-30 22:06 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-02-10 09:46:27 UTC
Target Upstream Version:
Embargoed:


Attachments
SSH server Log (DEBUG mode) (2.03 KB, text/plain)
2004-12-08 16:29 UTC, Oli Kessler

Description Oli Kessler 2004-12-08 16:27:27 UTC
Enabling HostbasedAuthentication while using the file
/etc/ssh/shosts.equiv does not work:

Server Settings in /etc/ssh/sshd_config
---------------------------------------

Port 22
Protocol 2
SyslogFacility AUTHPRIV
X11Forwarding yes
AllowUsers root oracle
AllowTcpForwarding yes
HostKey /etc/ssh/ssh_host_dsa_key
HostbasedAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsAuthentication no
ChallengeResponseAuthentication no
Ciphers aes128-cbc,aes192-cbc,blowfish-cbc,aes256-cbc,3des-cbc
GatewayPorts yes
KeyRegenerationInterval 3600
KeepAlive yes
LogLevel DEBUG
LoginGraceTime 120
MaxStartups 10:30:60
PasswordAuthentication yes
PermitEmptyPasswords no
PermitRootLogin yes

File /etc/ssh/shosts.equiv
--------------------------
testhost2.test.com



All host-keys are known (server and client) and verified.

The client  (testhost2) uses the same openssh version and is 2.1ES as
well. While connecting I get the server log as attached.

The file /etc/ssh/shosts.equiv seems not to be considered at all.






Version-Release number of selected component (if applicable):
openssh-server-3.1p1-15, openssh-clients-3.1p1-15

How reproducible:
Always

Steps to Reproduce:
1. Configure sshd_config as above
2. Create the file /etc/ssh/shosts.equiv
3. try hostbased authentication
    

Actual Results:  hostbased authentication does not work

Expected Results:  hostbased authentication works

Additional info:

openssh delivered with 2.1ES seems to be rather old anyway and lacks
lots of features seen in newer versions (privilege separation, ..)

Comment 1 Oli Kessler 2004-12-08 16:29:24 UTC
Created attachment 108121
SSH server Log (DEBUG mode)

as mentioned above

Comment 2 Nalin Dahyabhai 2004-12-08 17:25:54 UTC
RHosts authentication is hard-coded to be disallowed for the root
user.  Can you verify that it works if you attempt to log in as an
unprivileged user?

Comment 3 Oli Kessler 2004-12-13 14:01:59 UTC
I disabled RhostsAuthentication on purpose - I want
HostbasedAuthentication to work with protocol version 2 only and do
not see any connection between the two items.

The goal is to avoid the rhosts stuff and use openssh's own
configuration file /etc/shosts.equiv. Unprivileged users will not help
me either, I need these settings for administration purposes.

Isn't it possible to circumvent the .rhosts files?

Comment 4 Tomas Mraz 2005-02-10 09:46:27 UTC
Why not use su or sudo on a special account created for this?
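
Added example, not part of the bug thread and not OpenSSH code: a simplified Python model of which trust files sshd consults for a host-based login, combining Comment 2's point that the system-wide equiv files are not used for root with the documented effect of IgnoreRhosts on the per-user files. The function names, the trimmed sample configuration and the uid 501 for oracle are constructed for illustration.

```python
"""Which trust files can authorise a host-based login for a given account?"""

# Constructed sample: the directives from the report that affect host-based auth.
SAMPLE_CONFIG = """\
Protocol 2
AllowUsers root oracle
HostbasedAuthentication yes
IgnoreRhosts yes
PermitRootLogin yes
"""


def parse_sshd_config(text):
    """Return {lowercased keyword: value}; the first occurrence of a keyword wins."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        opts.setdefault(parts[0].lower(), parts[1].strip() if len(parts) > 1 else "")
    return opts


def trust_files_for(opts, user, uid):
    """List the files that could authorise `user` for host-based authentication."""
    if opts.get("hostbasedauthentication", "no").lower() != "yes":
        return []
    files = []
    if uid != 0:
        # Per Comment 2: the system-wide equiv files are skipped for root.
        files += ["/etc/hosts.equiv", "/etc/ssh/shosts.equiv"]
    if opts.get("ignorerhosts", "yes").lower() != "yes":
        # IgnoreRhosts yes disables the per-user files, not the equiv files.
        files += [f"~{user}/.rhosts", f"~{user}/.shosts"]
    return files


def audit(text, accounts):
    """Map each (user, uid) pair to the trust files sshd would consult."""
    opts = parse_sshd_config(text)
    return {user: trust_files_for(opts, user, uid) for user, uid in accounts}


if __name__ == "__main__":
    for user, files in audit(SAMPLE_CONFIG, [("root", 0), ("oracle", 501)]).items():
        print(f"{user}: {', '.join(files) or 'no trust file is consulted'}")
```

With the reported settings the model leaves root with no trust file at all, while oracle is still covered by /etc/ssh/shosts.equiv.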


