[Bug 417221] New: one side ssh host-based authentication failure
https://bugzilla.novell.com/show_bug.cgi?id=417221

User gilles.sabourin@free.fr added comment
https://bugzilla.novell.com/show_bug.cgi?id=417221#c53

Summary: one side ssh host-based authentication failure
Product: openSUSE 11.0
Version: Final
Platform: x86-64
OS/Version: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Basesystem
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: gilles.sabourin@free.fr
QAContact: qa@suse.de
Found By: Customer

Created an attachment (id=233376)
--> (https://bugzilla.novell.com/attachment.cgi?id=233376)
ssh client config

I have set up a DNS server in my LAN network and reconfigured both ssh clients and servers according to the method described in this document:
http://itg.chem.indiana.edu/inc/wiki/software/openssh/189.html

I am running openssh 5.0-p1 on openSUSE 11.0 on both my 32-bit laptop and my 64-bit desktop.

DNS server is running well on my 64-bit desktop:

gilles@gilles-bureau:~> nslookup 192.168.0.100
Server: 192.168.0.100
Address: 192.168.0.100#53

100.0.168.192.in-addr.arpa name = gilles-bureau.site.

gilles@gilles-bureau:~> nslookup 192.168.0.101
Server: 192.168.0.100
Address: 192.168.0.100#53

101.0.168.192.in-addr.arpa name = gilles-portable.site.

From my laptop towards my desktop, host-based authentication performs well, so I don't need to give a password anymore.
From my desktop towards my laptop, host-based authentication fails: I still got a prompt for the password.

I have checked all the points in the method, so I am sure that:
- ssh_config and sshd_config are the same on both machines;
- /etc/ssh/ssh_known_hosts and /etc/hosts.equiv are the same on both sides;
- suid bit is set for ssh-keysign on both PCs.
(see attachments)

So, I tried to investigate further and have launched the ssh daemon at the highest debug level for the 2 cases, success / failure authentication (see attachments).

In the 2 cases, the dialog between the server and the client is roughly the same at the beginning, up to a point, where:

- in case of success, I got:

debug1: PAM: initializing for "gilles"
debug1: PAM: setting PAM_RHOST to "gilles-portable.site"
debug1: PAM: setting PAM_TTY to "ssh"
..
debug1: userauth-request for user gilles service ssh-connection method hostbased
debug1: attempt 1 failures 1
debug2: input_userauth_request: try method hostbased

- in case of failure, there are missing settings of PAM_RHOST and PAM_TTY:

..
debug1: PAM: initializing for "gilles"
debug1: userauth-request for user gilles service ssh-connection method keyboard-interactive

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=417221
User gilles.sabourin@free.fr added comment
https://bugzilla.novell.com/show_bug.cgi?id=417221#c8
--- Comment #8 from Gilles Sabourin
From a security point of view, these public keys should _NOT_ be world readable to work currently with authenticated users.
This is the administrator's responsibility to check these ones are world readable to set up a host-based authentication.
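
The checklist from the report and the file-permission point from comment #8, as an added shell example that is not part of the original thread: it audits one machine for the host-based authentication prerequisites named above, including read access to the public host keys, which the unprivileged ssh client has to read. The function names and the ETC_DIR and KEYSIGN_PATH parameters are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the bug report): audit one machine for the
# host-based authentication prerequisites discussed in this thread.
# Usage: check_hostbased ETC_DIR KEYSIGN_PATH
#   ETC_DIR       normally /etc; a parameter so a test tree can be audited
#   KEYSIGN_PATH  path to ssh-keysign; distro-specific, supplied by the caller

# has_opt FILE KEYWORD: true if FILE contains "KEYWORD yes" (case-insensitive).
# Simplification: Host/Match blocks are not interpreted.
has_opt() {
    grep -Eiq "^[[:space:]]*$2[[:space:]=]+yes([[:space:]]|\$)" "$1" 2>/dev/null
}

# perm_set FILE MODE: true if FILE exists and has every bit of MODE set.
perm_set() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

check_hostbased() {
    etc=$1 keysign=$2 fails=0
    fail() { echo "FAIL: $*"; fails=$((fails + 1)); }

    has_opt "$etc/ssh/ssh_config" HostbasedAuthentication ||
        fail "ssh_config: HostbasedAuthentication is not yes"
    has_opt "$etc/ssh/ssh_config" EnableSSHKeysign ||
        fail "ssh_config: EnableSSHKeysign is not yes"
    has_opt "$etc/ssh/sshd_config" HostbasedAuthentication ||
        fail "sshd_config: HostbasedAuthentication is not yes"

    # ssh-keysign needs the setuid bit to read the private host key.
    [ -u "$keysign" ] || fail "$keysign: setuid bit not set"

    for f in "$etc/hosts.equiv" "$etc/ssh/ssh_known_hosts"; do
        [ -s "$f" ] || fail "$f: missing or empty"
    done
    # The ssh client reads the public host keys as the ordinary user.
    for f in "$etc"/ssh/ssh_host_*_key.pub; do
        perm_set "$f" 004 || fail "$f: missing or not world readable"
    done
    # Private host keys must stay closed to group and others.
    for f in "$etc"/ssh/ssh_host_*_key; do
        if perm_set "$f" 040 || perm_set "$f" 004; then
            fail "$f: private key readable by group or others"
        fi
    done
    [ "$fails" -eq 0 ]
}
```

Running the same function on both machines and comparing the FAIL lines shows which side differs when authentication works in one direction only.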