Enabling HostbasedAuthentication while using the file /etc/ssh/shosts.equiv does not work:

Server Settings in /etc/ssh/sshd_config
---------------------------------------
Port 22
Protocol 2
SyslogFacility AUTHPRIV
X11Forwarding yes
AllowUsers root oracle
AllowTcpForwarding yes
HostKey /etc/ssh/ssh_host_dsa_key
HostbasedAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsAuthentication no
ChallengeResponseAuthentication no
Ciphers aes128-cbc,aes192-cbc,blowfish-cbc,aes256-cbc,3des-cbc
GatewayPorts yes
KeyRegenerationInterval 3600
KeepAlive yes
LogLevel DEBUG
LoginGraceTime 120
MaxStartups 10:30:60
PasswordAuthentication yes
PermitEmptyPasswords no
PermitRootLogin yes

File /etc/ssh/shosts.equiv
--------------------------
testhost2.test.com

All host-keys are known (server and client) and verified. The client (testhost2) uses the same openssh version and is 2.1ES as well. While connecting I get the server log as attached. The file /etc/ssh/shosts.equiv seems not to be considered at all.

Version-Release number of selected component (if applicable):
openssh-server-3.1p1-15, openssh-clients-3.1p1-15

How reproducible:
Always

Steps to Reproduce:
1. Configure sshd_config as above
2. Create the file /etc/ssh/shosts.equiv
3. Try hostbased authentication

Actual Results:
hostbased authentication does not work

Expected Results:
hostbased authentication works

Additional info:
openssh delivered with 2.1ES seems to be rather old anyway and lacks lots of features seen in newer versions (privilege separation, ..)
Created attachment 108121
SSH server Log (DEBUG mode) as mentioned above
RHosts authentication is hard-coded to be disallowed for the root user. Can you verify that it works if you attempt to log in as an unprivileged user?
I disabled RhostsAuthentication on purpose - I want HostbasedAuthentication to work with protocol version 2 only and do not see any connection between the two items. The goal is to avoid the rhosts stuff and use openssh's own configuration file /etc/shosts.equiv. Unprivileged users will not help me either, I need these settings for administration purposes. Isn't it possible to circumvent the .rhosts files?
Why not use su or sudo on a special account created for this?
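Added example, not part of the original report and not OpenSSH code: a simplified Python model of the rule given in the comment above (the system-wide equiv file is not consulted for root), combined with the documented effect of IgnoreRhosts on the per-user files, applied to the settings quoted in the report. The function names and the uid 500 for a non-root account are assumptions made for the illustration.

```python
# Added illustration: a simplified model of the lookup rules, not OpenSSH source.
SSHD_CONFIG = """\
HostbasedAuthentication yes
IgnoreRhosts yes
AllowUsers root oracle
"""  # subset of the settings quoted in the report
SHOSTS_EQUIV = "testhost2.test.com\n"  # file content quoted in the report


def parse_sshd_config(text):
    """Return {lowercased keyword: value}; the first occurrence of a keyword wins."""
    opts = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(None, 1)
        if len(fields) == 2:
            opts.setdefault(fields[0].lower(), fields[1].strip())
    return opts


def equiv_hosts(text):
    """Plain hostname entries only; +/- and @netgroup syntax is not modelled."""
    hosts = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields and fields[0][0] not in "+-@":
            hosts.add(fields[0].lower())
    return hosts


def hostbased_sources(opts, equiv_text, user_uid, client_host):
    """List the trust files that could authorize client_host for this uid."""
    if opts.get("hostbasedauthentication", "no").lower() != "yes":
        return []
    sources = []
    # Rule from the comment above: root never gets the system-wide equiv file.
    if user_uid != 0 and client_host.lower() in equiv_hosts(equiv_text):
        sources.append("/etc/ssh/shosts.equiv")
    # IgnoreRhosts yes (the default) disables the per-user ~/.rhosts and ~/.shosts.
    if opts.get("ignorerhosts", "yes").lower() != "yes":
        sources.append("~/.shosts or ~/.rhosts (if it lists the host)")
    return sources


if __name__ == "__main__":
    opts = parse_sshd_config(SSHD_CONFIG)
    for name, uid in (("root", 0), ("oracle", 500)):  # uid 500 is an assumed value
        found = hostbased_sources(opts, SHOSTS_EQUIV, uid, "testhost2.test.com")
        print(name, "->", found or "no trust file is consulted")
```

With the reported settings the model finds no usable trust file for root, while a non-root account is matched through /etc/ssh/shosts.equiv.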