https://bugzilla.novell.com/show_bug.cgi?id=417221 User gilles.sabourin@free.fr added comment https://bugzilla.novell.com/show_bug.cgi?id=417221#c53 Summary: one side ssh host-based authentication failure Product: openSUSE 11.0 Version: Final Platform: x86-64 OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: gilles.sabourin@free.fr QAContact: qa@suse.de Found By: Customer Created an attachment (id=233376) --> (https://bugzilla.novell.com/attachment.cgi?id=233376) ssh client config I have set up a DNS server in my LAN network and reconfigured both ssh clients and servers according to the method described in this document : http://itg.chem.indiana.edu/inc/wiki/software/openssh/189.html I am running openssh 5.0-p1 on openSUSE 11.0 on both my 32bits laptop and my 64bits desktop. DNS server is running well on my 64bits desktop : gilles@gilles-bureau:~> nslookup 192.168.0.100 Server: 192.168.0.100 Address: 192.168.0.100#53 100.0.168.192.in-addr.arpa name = gilles-bureau.site. gilles@gilles-bureau:~> nslookup 192.168.0.101 Server: 192.168.0.100 Address: 192.168.0.100#53 101.0.168.192.in-addr.arpa name = gilles-portable.site.
From my laptop towards my desktop, host-based authentication performs well, so I don't need to give a password anymore.
From my desktop towards my laptop, host-based authentication fails : I still got a prompt for the password.
I have checked all the points in the method, so, I am sure that: - ssh_config and sshd_config are the same on both machines; - /etc/ssh/ssh_known_hosts and /etc/hosts.equiv are the same on both sides; - suid bit is set for ssh-keysign on both PC. (see attachments) So, I tried to investigate furthermore and have launched ssh daemon at highest debug level for the 2 cases success / failure authentication. (see attachments). In the 2 cases, the dialog between the server and the client is roughly the same at the beginning, up to a point, where : - in case of success, I got : debug1: PAM: initializing for "gilles" debug1: PAM: setting PAM_RHOST to "gilles-portable.site" debug1: PAM: setting PAM_TTY to "ssh" .. debug1: userauth-request for user gilles service ssh-connection method hostbased debug1: attempt 1 failures 1 debug2: input_userauth_request: try method hostbased - in case of failure, there are missing settings of PAM_RHOST and PAM_TTY : .. debug1: PAM: initializing for "gilles" debug1: userauth-request for user gilles service ssh-connection method keyboard-interactive -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.