- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Re: SSH Hostbased encryption
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-12-2009 12:42 AM
тАО01-12-2009 12:42 AM
SSH Hostbased encryption
I've set up host based encryption between two nodes that allows me to connect without submitting a password if I'm logged in as the userI want to connect as on the other machine.
I.e If I log in as SYSTEM on machine A I can SSH machine B without entering a password.
But if I log in on machine A as SYSUSER and try to connect to machine b witj SSH SYSTEM@machineb it asks me for a password.
The SSH logs tells me this.
Fri 09 12:38:07 WARNING: hostbased-authentication (rhosts) refused: client user
'sysuser', server user 'system', client host 'xxxx'
Any ideas on how to get it to work without having to login as system?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-12-2009 01:38 AM
тАО01-12-2009 01:38 AM
Re: SSH Hostbased encryption
looks like some privilege issue somewhere.
Cheers..
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-12-2009 02:04 AM
тАО01-12-2009 02:04 AM
Re: SSH Hostbased encryption
SUPERNOVA> ssh -v system@XXXXXX
debug: Ssh2/SSH2.C:1448: CRTL version (SYS$SHARE:DECC$SHR.EXE ident) is V7.3-2-1
debug: hostname is 'XXXXXX'.
debug: Unable to open ssh2/ssh2_config
debug: connecting to XXXXXX, port 22...
debug: entering event loop
debug: ssh_client_wrap: creating transport protocol
debug: SshAuthMethodClient/SSHAUTHMETHODC.C:145: Added "hostbased" to usable me.
debug: SshAuthMethodClient/SSHAUTHMETHODC.C:145: Added "publickey" to usable me.
debug: SshAuthMethodClient/SSHAUTHMETHODC.C:145: Added "password" to usable met.
debug: Ssh2Client/SSHCLIENT.C:1356: creating userauth protocol
debug: Ssh2Common/SSHCOMMON.C:517: local ip = 10.x.x.x, local port = 64459
debug: Ssh2Common/SSHCOMMON.C:519: remote ip = 10.x.x.x, remote port = 22
debug: SshConnection/SSHCONN.C:2092: Wrapping...
debug: Ssh2Transport/TRCOMMON.C:643: Remote version: SSH-2.0-3.2.0 SSH Secure S3
debug: Ssh2Transport/TRCOMMON.C:1167: c_to_s: cipher 3des-cbc, mac hmac-sha1, ce
debug: Ssh2Transport/TRCOMMON.C:1170: s_to_c: cipher 3des-cbc, mac hmac-sha1, ce
debug: Ssh2Client/SSHCLIENT.C:508: Host key found from database.
debug: Ssh2Common/SSHCOMMON.C:321: Received SSH_CROSS_STARTUP packet from conne.
debug: Ssh2Common/SSHCOMMON.C:371: Received SSH_CROSS_ALGORITHMS packet from co.
debug: SshUnixTcp/SSHUNIXTCP.C:1019: using local hostname orion.ikea.com
debug: Ssh2AuthHostBasedClient/AUTHC-HOSTBASED.C:803: Child: Execing ssh-signer)
debug: Ssh2AuthHostBasedClient/AUTHC-HOSTBASED.C:407: ssh-signer returned SSH_AE
debug: ssh_pipe_stream_destroy
debug: ssh_sigchld_real_callback
debug: ssh_sigchld_process_pid: no handler for pid 1585471 code 0
debug: Unable to open ssh2/identification
debug: Ssh2AuthClient/SSHAUTHC.C:347: Method 'publickey' disabled.
debug: Ssh2AuthPasswdClient/AUTHC-PASSWD.C:197: Starting password query...
system's password:
XXXXXX> ty SYS$SYSDEVICE:[TCPIP$SSH]TCPIP$SSH_RUN.LOG
$ Set NoOn
$ VERIFY = F$VERIFY(F$TRNLNM("SYLOGIN_VERIFY"))
Mon 12 07:53:31 INFORMATIONAL: Starting image in auxiliary server mode.
Mon 12 07:53:31 INFORMATIONAL: connection from "10.x.x.x"
Mon 12 07:53:31 WARNING: hostbased-authentication (rhosts) refused: client user
'sysuser', server user 'system', client host 'SUPERNOVA.xxx.xxx'.
XXXXXX>
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-12-2009 05:00 AM
тАО01-12-2009 05:00 AM
Re: SSH Hostbased encryption
check that your setup agrees with the guidelines in the openvms ssh manual for v7.3-2 (page 27 for host based auth) here :-
http://h71000.www7.hp.com/doc/732final/aa-rvbua-te/aa-rvbua-te.pdf
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-12-2009 07:47 AM
тАО01-12-2009 07:47 AM
Re: SSH Hostbased encryption
Are there IDENTIFICATION. and AUTHORIZATION. files present and containing pointers to the appropriate key files in the [.SSH2] directories on each node?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-12-2009 09:02 AM
тАО01-12-2009 09:02 AM
Re: SSH Hostbased encryption
> AUTHORIZATION. files [...]
Aren't those for publickey (not hostbased)?
(I use only publickey, so for hostbased
authentication I'd be forced to read the
docs.)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-12-2009 11:50 PM
тАО01-12-2009 11:50 PM
Re: SSH Hostbased encryption
mark might have a point.
Never thought of checking that all components are fully complient which they're not.
One of the systems is 7.3-2 with an OLD tcpip version.
Will upgrade and return with information.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-20-2009 04:57 AM
тАО01-20-2009 04:57 AM
Re: SSH Hostbased encryption
I've now upgraded the Client system to OpenVMS 8.3 and Tcpip 5.6 but I am still not able to used hostbased authentication when logged in as a different user.
ie.. I'm logged onto the client as sysuser and want to connect to the remote system as system.
attached is the verbose output from the client. In that attachment in the bottom is also the logfile from the server.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-20-2009 06:01 AM
тАО01-20-2009 06:01 AM
Re: SSH Hostbased encryption
Try ucx sho ho x.x.x.x on the server.
Wim
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-20-2009 07:55 AM
тАО01-20-2009 07:55 AM
Re: SSH Hostbased encryption
do you have the public key files 'fully-qualified-host-name'_ssh-dss.pub in place ?