SSH 4.5P1 HOSTBASED authentication - Aix

  1. SSH 4.5P1 HOSTBASED authentication

    Hello,

    I've upgraded ssh to 4.5p1.

    I've got this very strange problem !!??

    When I connect from one machine to another using host based authentication,
    ssh complains because it cannot read the key files (/etc/ssh/).

    But when I change the key files (in /etc/ssh) permission to 'og+r' then ssh
    will successfully log on using hostbased authentication.

    But the sshd daemon will not start because it considers the permission of
    the key files too open.

    I've built my ssh package using the source code from the openssh web site.

  2. Re: SSH 4.5P1 HOSTBASED authentication

    Hi,

    Please check under what account SSH is running...
    lsof and/or ps should help you.

    ps -ef | grep sshd

    lsof | grep sshd


    On Sat, 09 Dec 2006 11:51:25 +0200, herbert koelman
    wrote:

    > Hello,
    >
    > I've upgraded ssh to 4.5p1.
    >
    > I've got this very strange problem !!??
    >
    > When I connect from one machine to another using host based
    > authentication,
    > ssh complains because it cannot read the key files (/etc/ssh/).
    >
    > But when I change the key files (in /etc/ssh) permission to 'og+r' then
    > ssh
    > will successfully log on using hostbased authentication.
    >
    > But the sshd daemon will not start because it considers the permission of
    > the key files too open.
    >
    > I've built my ssh package using the source code from the openssh web
    > site.




    --
    kind regards,
    Claudiu Costin

  3. Re: SSH 4.5P1 HOSTBASED authentication

    On Sun, 10 Dec 2006 15:08:10 +0200, Claudiu Costin wrote:

    > Hi,
    >
    > Please check under what account SSH is running...
    > lsof and/or ps should help you.
    >
    > ps -ef | grep sshd
    >
    > lsof | grep sshd
    >
    >
    > On Sat, 09 Dec 2006 11:51:25 +0200, herbert koelman
    > wrote:
    >
    >> Hello,
    >>
    >> I've upgraded ssh to 4.5p1.
    >>
    >> I've got this very strange problem !!??
    >>
    >> When I connect from one machine to another using host based
    >> authentication,
    >> ssh complains because it cannot read the key files (/etc/ssh/).
    >>
    >> But when I change the key files (in /etc/ssh) permission to 'og+r' then
    >> ssh
    >> will successfully log on using hostbased authentication.
    >>
    >> But the sshd daemon will not start because it considers the permission of
    >> the key files too open.
    >>
    >> I've built my ssh package using the source code from the openssh web
    >> site.

    I'm running under root:system.

    I suspect I'm missing some setuid bits on my binaries (especially
    ssh-keygen).

  4. Re: SSH 4.5P1 HOSTBASED authentication

    On 2006-12-10, herbert koelman wrote:
    > On Sun, 10 Dec 2006 15:08:10 +0200, Claudiu Costin wrote:
    > I'm running under root:system.
    >
    > I suspect I'm missing some setuid bits on my binaries (especially
    > ssh-keygen).


    Not ssh-keygen but ssh-keysign, which is usually in /usr/local/libexec:

    $ ls -l /usr/local/libexec/ssh-keysign
    -rws--x--x 1 root root 148672 Nov 20 22:48 /usr/local/libexec/ssh-keysign

    Also check that ssh-keysign is enabled (EnableSSHKeysign in the global
    ssh_config).

    --
    Darren Tucker (dtucker at zip.com.au)
    GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
    usually comes from bad judgement.
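
The three things this thread turns on (a setuid ssh-keysign, EnableSSHKeysign in the global ssh_config, and private host keys kept closed to group/other so sshd still starts) can be audited together. The following POSIX sh function is an added example, not part of any post in the thread; the `/etc/ssh/ssh_config` default path and the `EXPECT_UID` variable are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit the preconditions for client-side hostbased auth.
# Defaults follow the paths in the thread; /etc/ssh/ssh_config is an assumption.
# EXPECT_UID (hypothetical knob) is the uid that must own ssh-keysign; 0 = root.

mode_of()  { ls -ld "$1" | cut -c1-10; }          # e.g. -rws--x--x
owner_of() { ls -ldn "$1" | awk '{print $3}'; }   # numeric uid

# First EnableSSHKeysign value in the file, lower-cased ("" if unset).
# Simplification: Host/Match scoping is ignored.
keysign_setting() {
    awk '{ sub(/#.*/, ""); gsub(/[=]/, " ") }
         tolower($1) == "enablesshkeysign" { print tolower($2); exit }' "$1"
}

# check_hostbased KEYSIGN SSH_CONFIG KEYDIR
# Prints one line per problem; return status is the number of problems.
check_hostbased() {
    keysign=${1:-/usr/local/libexec/ssh-keysign}
    config=${2:-/etc/ssh/ssh_config}
    keydir=${3:-/etc/ssh}
    problems=0

    if [ ! -u "$keysign" ]; then
        echo "FAIL: $keysign is missing or not setuid"
        problems=$((problems + 1))
    elif [ "$(owner_of "$keysign")" != "${EXPECT_UID:-0}" ]; then
        echo "FAIL: $keysign is setuid but not owned by uid ${EXPECT_UID:-0}"
        problems=$((problems + 1))
    fi

    if [ "$(keysign_setting "$config")" != "yes" ]; then
        echo "FAIL: EnableSSHKeysign is not 'yes' in $config"
        problems=$((problems + 1))
    fi

    # Private host keys must stay closed to group/other, or sshd refuses them.
    for key in "$keydir"/ssh_host_*key; do
        [ -f "$key" ] || continue
        if [ "$(mode_of "$key" | cut -c5-10)" != "------" ]; then
            echo "FAIL: $key is accessible to group/other ($(mode_of "$key"))"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}
```

Source the file and call `check_hostbased` with no arguments to use the default paths; a return status of 0 means none of the three problems was found.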

  5. Re: SSH 4.5P1 HOSTBASED authentication

    On Tue, 12 Dec 2006 22:32:19 +1100, Darren Tucker wrote:

    > On 2006-12-10, herbert koelman wrote:
    >> On Sun, 10 Dec 2006 15:08:10 +0200, Claudiu Costin wrote:
    >> I'm running under root:system.
    >>
    >> I suspect I'm missing some setuid bits on my binaries (especially
    >> ssh-keygen).

    >
    > Not ssh-keygen but ssh-keysign, which is usually in /usr/local/libexec:
    >
    > $ ls -l /usr/local/libexec/ssh-keysign
    > -rws--x--x 1 root root 148672 Nov 20 22:48 /usr/local/libexec/ssh-keysign
    >
    > Also check that ssh-keysign is enabled (EnableSSHKeysign in the global
    > ssh_config).
    >


    Hurrah, it runs fine.

    Thank you for your help.
