Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I wouldn’t trust the ouptut as it uses hard coded TCP/IP addresses, and even if you changed the TCP/IP address, you faced already a connection problem before and the script doesn’t distinguish between errors. Maybe it’s even working despite the message.
As I asked: did you check the server’s /etc/ssh/ssh_known_host file? The error you face points to a not accepted key.
debug1: Authentications that can continue: publickey,password,hostbased
debug2: userauth_hostbased: chost client.
debug2: ssh_keysign called
debug3: ssh_msg_send: type 2
debug3: ssh_msg_recv entering
debug1: permanently_drop_suid: 1000
debug2: we sent a hostbased packet, wait for reply
debug3: Wrote 672 bytes for a total of 2407
debug1: Authentications that can continue: publickey,password,hostbased
debug1: No more client hostkeys for hostbased authentication.
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/mahmood/.ssh/identity
debug3: no such identity: /home/mahmood/.ssh/identity
debug1: Trying private key: /home/mahmood/.ssh/id_rsa
debug3: no such identity: /home/mahmood/.ssh/id_rsa
debug1: Trying private key: /home/mahmood/.ssh/id_dsa
debug3: no such identity: /home/mahmood/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
mahmood@server's password:
All the problem is
Code:
debug1: Authentications that can continue: publickey,password,hostbased
debug1: No more client hostkeys for hostbased authentication.
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
For unknown reason it ignores hostbased
UPDATE:
At this page https://www.cs.uwaterloo.ca/twiki/vi...Authentication it is sated: "No more client hostkeys for hostbased authentication" suggests that either end of the connection was having trouble looking up the reverse IP of the client and matching it against the key.
mahmood@server:blackscholes$ cat /etc/hosts
127.0.0.1 localhost localhost,server
124.22.69.105 server
192.168.1.3 client
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
mahmood@server:~$ sudo find / -name "client.local"
mahmood@server:~$
on client:
Code:
mahmood@client:~$ cat /etc/hosts
127.0.0.1 localhost
192.168.1.1 server
192.168.1.3 client
Can you explain what is the problem exactly? what is going on while client want to ssh to server? If I want to do that from scratch, which files should i delete (*.pub, ssh_nown_hosts, ....)??
Quote:
Deactivate reverse lookup and try again to eliminate that possibility by putting (uncommenting if exists) the following
Sorry, in sshd_config, so if you have one way set up then on the server side. If you have bidirectional setup then on both machines. No guarantee it will work but it will deactivate reverse lookup so you will be able to see if anything else might be wrong.
server has two network interface. 124.22.69.105 is used to connect to internet while 192.168.1.1 is used inside cluster
Quote:
Sorry, in sshd_config
Code:
mahmood@server:~$ cat /etc/ssh/sshd_config | grep "UseDns"
UseDns no
mahmood@server:~$ cat /etc/ssh/sshd_config | grep "VerifyReverseMapping "
VerifyReverseMapping No
mahmood@server:~$ sudo service ssh restart
ssh start/running, process 12934
an on the client:
Code:
mahmood@client:~$ sudo service ssh restart
ssh start/running, process 2176
mahmood@client:~$ ssh -vvv server
debug1: Authentications that can continue: publickey,password,hostbased
debug1: No more client hostkeys for hostbased authentication.
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/mahmood/.ssh/identity
debug3: no such identity: /home/mahmood/.ssh/identity
debug1: Trying private key: /home/mahmood/.ssh/id_rsa
debug3: no such identity: /home/mahmood/.ssh/id_rsa
debug1: Trying private key: /home/mahmood/.ssh/id_dsa
debug3: no such identity: /home/mahmood/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
mahmood@server's password:
I found the solution. Thanks to "Sharad" who point that on openssh mailing list.
Here is the procedure from one way passwordless ssh from client to server (or hostbased authentication). I will complete the procedure for bidirectional later.
1- Assumptions
1.1 server has two NIC, one for internet connection and the other for inside the cluster (192.168.X.X)
Code:
mahmood@server:~$ cat /etc/hosts
127.0.0.1 localhost localhost,server
19.215.39.105 server
192.168.1.3 client
mahmood@client:~$ cat /etc/hosts
127.0.0.1 localhost
192.168.1.1 server
192.168.1.3 client
1.2 remove /etc/ssh/ssh_known_hosts if any.
1.3 remove ~/.ssh/* if there are any file
2- On the server, edit /etc/ssh/sshd_config and ensure two variables are set to:
Code:
IgnoreRhosts no
HostbasedAuthentication yes
3- on the client, edit /etc/ssh/ssh_config and ensure two variables are set to:
Code:
HostbasedAuthentication yes
EnableSSHKeysign yes
4- create a file on server (home directory of user) named .shosts that contain:
5- on the server, run "ssh-keyscan client" and add the output to ~/.ssh/known_hosts (note that hostname, ip address, and ipaddress+domainname are added to the beginning of the string. then chmod ".ssh" directory to 700
6- on the server, run "ssh-keyscan 192.168.1.1" and add the output to ~/.ssh/known_hosts (note that hostname, ip address, and ipaddress+domainname are added to the beginning of the string. then chmod ".ssh" directory to 700
IMPOTANT NOTE: DONOT USE "SERVER" IN "ssh-keyscan" SINCE THERE ARE TWO ENTRY IN /etc/hosts. IT IS SAFE TO USE THE IP ADDRESS DIRECTLY.
@EricTRA and Reuti: I think that is the trick.... previously I used "server" and it was not clear whether the 192.168.1.1 was used or the valid IP.
mahmood@client:~$ sudo service ssh restart
ssh start/running, process 2223
mahmood@server:~$ sudo service ssh restart
ssh start/running, process 22622
FINISHED. You can now ssh from client to server without password
Code:
mahmood@client:~$ ssh 192.168.1.1
Linux server 2.6.32-24-server #39-Ubuntu SMP Wed Jul 28 06:21:40 UTC 2010 x86_64 GNU/Linux
Ubuntu 10.04.1 LTS
Welcome to the Ubuntu Server!
.....
.....
103 packages can be updated.
54 updates are security updates.
Last login: Thu Apr 28 16:26:05 2011 from 192.168.1.3
mahmood@server:~$
I will state the procedure for bidirectional hostbased ssh (without password) later.
Thx. There is the error:in your output and a Google revealed at least a bug for this in openSUSE, but maybe it’s an OpenSSH issue in the end. I’ll look into it. On a newly setup machine (which has indeed openSUSE 11.4) I face exactly the same :-/.
To get hostbased authentication back in openSUSE 11.4, it’s necessary to rename or delete on the source machine of the intended connection the files:
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.