From owner-freebsd-questions  Fri Jun 22  9:36:46 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from dc.cis.okstate.edu (dc.cis.okstate.edu [139.78.100.219])
	by hub.freebsd.org (Postfix) with ESMTP id 9DF8337B401
	for <freebsd-questions@freebsd.org>; Fri, 22 Jun 2001 09:36:42 -0700 (PDT)
	(envelope-from martin@dc.cis.okstate.edu)
Received: from martin (helo=dc.cis.okstate.edu)
	by dc.cis.okstate.edu with local-esmtp (Exim 3.13 #1)
	id 15DTvD-0002Y6-00
	for freebsd-questions@freebsd.org; Fri, 22 Jun 2001 11:36:39 -0500
To: freebsd-questions@freebsd.org
Subject: freebsd ssh out-bound Connections not Authenticating Properly
Date: Fri, 22 Jun 2001 11:36:39 -0500
From: Martin McCormick <martin@dc.cis.okstate.edu>
Message-Id: <E15DTvD-0002Y6-00@dc.cis.okstate.edu>
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

	Thanks to some help I got, I have narrowed down my
problem to a rather small area.  I am the one who can't get
passwordless movement between a freebsd system and other systems
to work.

	If I compare the debug output from a similar command on a
Linux system, I see the usual establishment of the connectionplus
the initiation of the authentication scheme.  I also see the
following messages.  Remember, this one worked.

localtest: Waiting for server public key.
localtest: Received server public key (768 bits) and host key (1024 bits).
localtest: Host 'remotesystem.cis.okstate.edu' is known and matches the host key.
localtest: Initializing random; seed file /home/martin/.ssh/random_seed
localtest: Encryption type: blowfish
localtest: Sent encrypted session key.
localtest: Trying rhosts or /etc/hosts.equiv with RSA host authentication.
localtest: Remote: Accepted for localtest.cis.okstate.edu [192.168.0.3] by /etc/shosts.equiv.
localtest: Received RSA challenge for host key from server.
localtest: Sending response to host key RSA challenge.
localtest: Remote: Rhosts with RSA host authentication accepted.
localtest: Rhosts or /etc/hosts.equiv with RSA host authentication accepted by server.
localtest: Requesting pty.
localtest: Requesting shell.
localtest: Entering interactive session.
Last login: Thu Jun 21 14:01:05 2001 from localtest.cis.oks

	The messages from the freebsd version of ssh are worded
slightly differently but describe the same basic course of events
until one gets to


localtest: Installing crc compensation attack detector.
localtest: Received encrypted confirmation.

	At that point, the Linux ssh described the shosts
authentication.  The free bsd session that failed said:

debug: Installing crc compensation attack detector.
debug: Received encrypted confirmation.
debug: Doing password authentication.

	At the point where it says "doing password
authentication" is where the Linux version started the shosts
authentication.  I can't seem to get the freebsd version to do
that at all.  My configuration settings for ssh_config are as
follows:

# Host *
#   ForwardAgent yes
#   ForwardX11 yes
   RhostsRSAAuthentication yes
   RhostsAuthentication yes
   RSAAuthentication yes
#   PasswordAuthentication yes
#   FallBackToRsh no
#   UseRsh no
#   BatchMode no
#   CheckHostIP yes
#   StrictHostKeyChecking no
#   IdentityFile ~/.ssh/identity
#   Port 22
#   Protocol 2,1
   Cipher blowfish
#   EscapeChar ~

	It is like the rhosts and shosts part just isn't there.

Martin McCormick

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message