ssh trusted host logins
Darin Perusich
Darin.Perusich at cognigencorp.com
Fri May 7 15:21:36 EDT 2004
Mark T. Valites wrote:
> How are you generating your keys?
the default keys are generated by the rc scripts, which do:
ssh-keygen -t rsa1 -b 1024 -f /etc/ssh/ssh_host_key -N ''
ssh-keygen -t dsa -b 1024 -f /etc/ssh/ssh_host_dsa_key -N ''
ssh-keygen -t rsa -b 1024 -f /etc/ssh/ssh_host_rsa_key -N ''
> Have you tried throwing a couple '-v's on your ssh connection attempts?
> Three '-v's should give you pretty verbose outputs.
> How about perms on the keys? That's bitten me a couple times.
i've been running ssh with -vvv and sshd with -ddd (LogLevel debug3),
scanning all the output was giving me a headache so i switched tasks.
i'm getting messages that host1 is accepted by shosts.equiv a few
times, then it steps down to password auth.
the file perms for shosts.equiv and ssh_known_hosts2 are 0644 on both
hosts. i can read both files as a normal user.
>
>
>>the configs for both systems (host1 and host2) are identical.
>>
>>/etc/ssh/ssh_config
>>Host *
>> ForwardAgent yes
>> ForwardX11 yes
>> HostbasedAuthentication yes
>> EnableSSHKeysign yes
>>
>>/etc/ssh/sshd_config
>> PermitRootLogin no
>> HostbasedAuthentication yes
>> X11Forwarding yes
>> UsePrivilegeSeparation yes
>> Banner /etc/issue
>> Subsystem sftp /usr/lib/ssh/sftp-server
>>
>>/etc/ssh/shosts.equiv (host1)
>> host2.domain.com
>>
>>/etc/ssh/shosts.equiv (host2)
>> host1.domain.com
>>
>>/etc/ssh/ssh_known_hosts2 for host1 contains the ssh_host_[dr]sa_key.pub
>>keys for host2 and vice versa.
>
>
--
Darin Perusich
Unix Systems Administrator
Cognigen Corp.
darinper at cognigencorp.com
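
Added example, not part of the original message: a shell check of the host-based authentication settings the message lists (both HostbasedAuthentication lines, EnableSSHKeysign, shosts.equiv and the global known-hosts file), run against a constructed copy of host1's configuration. The function names, the temporary directory and the placeholder key are assumptions of this example.

```shell
# Added example: checks a config directory for the host-based auth settings
# listed in the message. Assumptions: Host/Match blocks are ignored and the
# first occurrence of a keyword wins; hashed known_hosts entries are skipped.

# Print the lower-cased value of the first occurrence of keyword $2 in file $1.
conf_value() {
    [ -r "$1" ] || return 0
    awk -v k="$2" '$1 !~ /^#/ && tolower($1) == tolower(k) { print tolower($2); exit }' "$1"
}

# Succeed if host $2 is named in the first (comma-separated) field of file $1.
lists_host() {
    [ -r "$1" ] || return 1
    awk -v h="$2" '$1 !~ /^#/ { n = split($1, a, ",")
        for (i = 1; i <= n; i++) if (tolower(a[i]) == tolower(h)) found = 1 }
        END { exit !found }' "$1"
}

expect_yes() {  # $1 = file, $2 = keyword; counts a failure unless the value is "yes"
    if [ "$(conf_value "$1" "$2")" = yes ]; then echo "ok:   $2 yes in $1"
    else echo "FAIL: $2 is not 'yes' in $1"; fails=$((fails + 1)); fi
}

# check_hostbased DIR PEER: print findings; exit status is the number of failures.
check_hostbased() {
    dir=$1; peer=$2; fails=0
    expect_yes "$dir/sshd_config" HostbasedAuthentication
    expect_yes "$dir/ssh_config" HostbasedAuthentication
    expect_yes "$dir/ssh_config" EnableSSHKeysign
    if lists_host "$dir/shosts.equiv" "$peer"; then echo "ok:   $peer in shosts.equiv"
    else echo "FAIL: $peer missing from shosts.equiv"; fails=$((fails + 1)); fi
    if lists_host "$dir/ssh_known_hosts" "$peer" || lists_host "$dir/ssh_known_hosts2" "$peer"
    then echo "ok:   host key for $peer in a global known-hosts file"
    else echo "FAIL: no host key for $peer in ssh_known_hosts or ssh_known_hosts2"; fails=$((fails + 1)); fi
    return "$fails"
}

# Constructed sample: host1's side of the configuration quoted in the message.
make_sample() {
    printf 'Host *\n ForwardAgent yes\n HostbasedAuthentication yes\n EnableSSHKeysign yes\n' > "$1/ssh_config"
    printf 'PermitRootLogin no\nHostbasedAuthentication yes\n' > "$1/sshd_config"
    echo 'host2.domain.com' > "$1/shosts.equiv"
    echo 'host2.domain.com ssh-rsa AAAA-constructed-placeholder-key' > "$1/ssh_known_hosts2"
}
demo=$(mktemp -d)
make_sample "$demo"
check_hostbased "$demo" host2.domain.com && echo "all checks passed"
rm -rf "$demo"
```

The check does not cover two other things host-based authentication depends on: ssh-keysign being setuid root on the client, and the name sshd obtains from a reverse lookup of the client address matching the shosts.equiv entry.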