- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- SSH: no shosts.equiv found?
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-07-2005 11:57 PM
тАО12-07-2005 11:57 PM
SSH: no shosts.equiv found?
Thu 08 07:26:57 WARNING: hostbased-authentication (rhosts and shosts) refused for jl: no shosts. or rhosts. files and no system-wide files (e.g., ETC:shosts.equiv)
But the file:
SYS$SYSDEVICE:[TCPIP$SSH]SHOSTS.EQUIV
Does exist on the server.
These are the entries in the server sshd2_config:
AllowedAuthentications hostbased, publickey, password
# IgnoreRhosts no
# AllowSHosts trusted\.host\.org
# DenySHosts not\.quite\.trusted\.org
i.e. the bottom 3 are all commented out - not sure if I should uncomment any of these (didn't think I had to based on the admin guide).
Anyone have an idea?
Thanks in advance.
- Tags:
- ssh
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-08-2005 06:09 AM
тАО12-08-2005 06:09 AM
Re: SSH: no shosts.equiv found?
HP├в s TCP/IP services do not use the traditional UNIX rhosts and hosts.equiv files.
The file you have is systemwide trusted hosts file, TCPIP$SSH_DEVICE:[TCPIP$SSH]SHOSTS.EQUIV. In this file, you would add the fully qualified name of every SSH client host that will communicate with the server. You can also enter a specific user name to limit access to that user. For example:
MYHOST.MYLAB.COM
or
MYHOST.MYLAB.COM smith
There are other client and server config file on client config file, you will have to include this entry
--- AllowedAuthentications hostbased
--- DefaultDomain [fqdn of thelocal host]
on the server config file,
--- AllowedAuthentications hostbased
--- IgnoreRhosts no /* to enable use of the user-specific SHOSTS. files */
In host-based authentication, the client and server hosts authenticate each other. Therefore, the server host must have the client's host public key. Copy the client's host public-key file, CLIENTHOST::TCPIP$SSH_DEVICE:[TCPIP$SSH.SSH2]HOSTKEY.PUB, to the server directory SERVERHOST::TCPIP$SSH_DEVICE:[TCPIP$SSH.SSH2.KNOWNHOSTS], naming the key file name, using the format fully-qualified-hostname_ssh-dss.pub. For example, if the host name is green and its domain name is color.art.com, copy it as follows:
$COPY SYS$LOGIN:[SSH2.KNOWNHOSTS]green_color_art_com_ssh-dss.pub -
_$ SERVERHOST::TCPIP$SSH_DEVICE:[TCPIP$SSH.SSH2.KNOWNHOSTS]-
_$ green_color_art_com_ssh-dss.pub/PROTECTION=(W=RE)
Archunan
Archie
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-08-2005 10:12 AM
тАО12-08-2005 10:12 AM
Re: SSH: no shosts.equiv found?
SYS$SYSDEVICE:[TCPIP$SSH]SHOSTS.EQUIV also
exists, but is empty, so I don't know much
about this, but have you tried "ssh -v [...]"?
Perhaps the "debug:" output will offer a clue.
You do need to adjust mentally the file specs
like "/etc/ssh2/hostkey.pub", and so on, of
course.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-08-2005 10:10 PM
тАО12-08-2005 10:10 PM
Re: SSH: no shosts.equiv found?
>The file you have is systemwide trusted hosts file,
>TCPIP$SSH_DEVICE:[TCPIP$SSH]SHOSTS.EQUIV.
>In this file, you would add the fully qualified
>name of every SSH client host that will
>communicate with the server.
Yes, I already have that.
>You can also enter a specific user name to limit
>access to that user. For example:
>MYHOST.MYLAB.COM
>or
>MYHOST.MYLAB.COM smith
Yes, I also have that.
>>There are other client and server config file on
>client config file, you will have to include this entry
>--- AllowedAuthentications hostbased
>--- DefaultDomain [fqdn of thelocal host]
Yes, both are done.
>on the server config file,
>--- AllowedAuthentications hostbased
>--- IgnoreRhosts no /* to enable use of the user-specific SHOSTS. files */
I left IgnoreRhosts commented, as the manual said it
was equivelant to no.
>In host-based authentication, the client and
>server hosts authenticate each other.
> Therefore, the server host must have the
>client's host public key. Copy the client's
>host public-key file,
>CLIENTHOST::TCPIP$SSH_DEVICE:[TCPIP$SSH.SSH2]HOSTKEY.PUB,
>to the server directory
>SERVERHOST::TCPIP$SSH_DEVICE:[TCPIP$SSH.SSH2.KNOWNHOSTS],
>naming the key file name, using the format
>fully-qualified-hostname_ssh-dss.pub.
>For example, if the host name is green and its
>domain name is color.art.com, copy it as follows:
>$COPY SYS$LOGIN:[SSH2.KNOWNHOSTS]green_color_art_com_ssh-dss.pub -
>_$ SERVERHOST::TCPIP$SSH_DEVICE:[TCPIP$SSH.SSH2.KNOWNHOSTS]-
>_$ green_color_art_com_ssh-dss.pub/PROTECTION=(W=RE)
Yes, done.
Is there anything you could suggest that isn't already in
or pasted from the admin guide?
Thanks,
Tom
--------------------------------------------------------------------------------
>I seem to be using "publickey", and my
>SYS$SYSDEVICE:[TCPIP$SSH]SHOSTS.EQUIV also
>exists, but is empty, so I don't know much
>about this, but have you tried "ssh -v [...]"?
>Perhaps the "debug:" output will offer a clue.
I had already done that. The below debug output from
the client side connect attempt caused me to look
for clues on the server, at which point I found the
output from the TCPIP$SSH_RUN.LOG
as indicated in my original post.
debug: server offers auth methods 'hostbased,publickey,password'.
debug: Ssh2AuthHostBasedClient/AUTHC-HOSTBASED.C:720: Server rejected the signature.
>You do need to adjust mentally the file specs
>like "/etc/ssh2/hostkey.pub", and so on, of
>course.
Yes, I realize that...
Thanks both for the suggestions. Please keep em coming.
Tom
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-08-2005 10:57 PM
тАО12-08-2005 10:57 PM
Re: SSH: no shosts.equiv found?
TCPIP$ETC
And that had no effect also.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-09-2005 02:52 AM
тАО12-09-2005 02:52 AM
Re: SSH: no shosts.equiv found?
TCPIP$SSH_DEVICE:[TCPIP$SSH]SHOSTS.EQUIV
AND
SYS$LOGIN:SHOSTS.
for each user.
It doesn't say this in the admin guide.
Thanks for your help.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-09-2005 04:00 AM
тАО12-09-2005 04:00 AM
Re: SSH: no shosts.equiv found?
It turns out the problem is this:
the file SHOSTS.EQUIV belongs in the
[TCPIP$SSH.SSH2] directory, not the
[TCPIP$SSH] directory
as the admin guide says. It's a mistake in the admin guide.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-09-2005 04:49 AM
тАО12-09-2005 04:49 AM
Re: SSH: no shosts.equiv found?
The systemwide trusted hosts file will be in TCPIP$SSH_DEVICE:[TCPIP$SSH], but user specfic SHOSTS.EQUIV file will be in [TCPIP$SSH.SSH2] directory.
Please let us know the summary of what you have done to made it to work; will be helpfull.
Archunan
Archie