ssh trusted host logins
Mark T. Valites
valites at geneseo.edu
Fri May 7 14:12:40 EDT 2004
On Fri, 7 May 2004, Darin Perusich wrote:
> Is anyone doing trusted host logins with OpenSSH protocol version 2?
> I've been trying to get this working all morning and I'm not having any
> luck. I'm using OpenSSH_3.7.1p2.
How are you generating your keys?
Have you tried throwing a couple '-v's on your ssh connection attempts?
Three '-v's should give you pretty verbose outputs.
How about perms on the keys? That's bitten me a couple times.
> The configs for both systems (host1 and host2) are identical.
>
> /etc/ssh/ssh_config
> Host *
> ForwardAgent yes
> ForwardX11 yes
> HostbasedAuthentication yes
> EnableSSHKeysign yes
>
> /etc/ssh/sshd_config
> PermitRootLogin no
> HostbasedAuthentication yes
> X11Forwarding yes
> UsePrivilegeSeparation yes
> Banner /etc/issue
> Subsystem sftp /usr/lib/ssh/sftp-server
>
> /etc/ssh/shosts.equiv (host1)
> host2.domain.com
>
> /etc/ssh/shosts.equiv (host2)
> host1.domain.com
>
> /etc/ssh/ssh_known_hosts2 for host1 contains the ssh_host_[dr]sa_key.pub
> keys for host2 and vice versa.
--
Mark T. Valites
Unix Systems Analyst
Computing & Information Technology
SUNY Geneseo
>--))> >--))>
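
Added example, not part of the original message or of OpenSSH: a shell function that checks the settings and files named in this thread (the two `HostbasedAuthentication` lines, `EnableSSHKeysign`, `shosts.equiv`, `ssh_known_hosts2`, and private host key permissions) and reports each one that is missing. The function names and the optional directory argument are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit the host-based authentication prerequisites from this thread.
# Usage: check_hostbased PEER_FQDN [SSH_DIR]   (SSH_DIR defaults to /etc/ssh)
# Prints one FAIL line per problem and returns the number of problems.

mode_of() {  # octal permission bits: GNU stat first, BSD stat as fallback
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

has_yes() {  # has_yes FILE KEYWORD: true if an uncommented "KEYWORD yes" line exists
    grep -Eiq "^[[:space:]]*$2[[:space:]]+yes[[:space:]]*$" "$1" 2>/dev/null
}

fail() { echo "FAIL: $*"; fails=$((fails + 1)); }

check_hostbased() {
    peer=$1
    dir=${2:-/etc/ssh}
    fails=0
    has_yes "$dir/sshd_config" HostbasedAuthentication ||
        fail "sshd_config: HostbasedAuthentication is not yes"
    has_yes "$dir/ssh_config" HostbasedAuthentication ||
        fail "ssh_config: HostbasedAuthentication is not yes"
    has_yes "$dir/ssh_config" EnableSSHKeysign ||
        fail "ssh_config: EnableSSHKeysign is not yes"
    # The peer must be listed by name in shosts.equiv.
    grep -Fxq "$peer" "$dir/shosts.equiv" 2>/dev/null ||
        fail "shosts.equiv: no line for $peer"
    # First field of a known-hosts line is a comma-separated host list
    # (hashed entries are not matched by this check).
    awk -v h="$peer" '{ n = split($1, a, ","); for (i = 1; i <= n; i++) if (a[i] == h) ok = 1 }
        END { exit !ok }' "$dir/ssh_known_hosts2" 2>/dev/null ||
        fail "ssh_known_hosts2: no host key for $peer"
    # sshd ignores private host keys that group or others can access.
    for key in "$dir"/ssh_host_*_key; do
        [ -f "$key" ] || { fail "no private host keys in $dir"; break; }
        case $(mode_of "$key") in
            600|400) ;;
            *) fail "$key: mode $(mode_of "$key"), expected 600" ;;
        esac
    done
    return "$fails"
}
```

Run it on each host with the other host's name, for example `check_hostbased host2.domain.com` on host1. It does not check that `ssh-keysign` is installed setuid root, because that helper's path varies by platform.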