Date: Sun, 17 Oct 2004 16:48:02 -0700 (PDT)
From: Joe Schmoe <non_secure@yahoo.com>
To: freebsd-hackers@freebsd.org
Subject: passwordless ssh logins with shared _HOST_ keys - not working.
Message-ID: <20041017234802.33563.qmail@web53301.mail.yahoo.com>

(I have asked this several times on -questions and gotten nothing ...)

I am trying to allow _all users_ on CLIENT to login to SERVER without a password.

IMPORTANT: I am not interested in user keys _at all_ - at no point in this process should I ever be dealing with any keys in /home/user/.ssh - I am only interested in doing this with HOST keys - where I copy one key between SERVER and CLIENT, and _all_ users on CLIENT can login to SERVER without a password. Don't even mention user keys.

My /etc/sshd/sshd_config is exactly the same on both SERVER and CLIENT:

    #VersionAddendum FreeBSD-20020629
    #Port 22
    #Protocol 2,1
    #ListenAddress 0.0.0.0
    #ListenAddress ::

    # Authentication:
    IgnoreRhosts yes
    #RhostsRSAAuthentication no
    HostbasedAuthentication yes
    IgnoreUserKnownHosts yes
    ChallengeResponseAuthentication no

Further, SERVER has CLIENT in its /etc/hosts.equiv, and CLIENT has SERVER in its /etc/hosts.equiv.

Finally, I have run:

    ssh-keyscan SERVER >> /etc/ssh/ssh_known_hosts

on the CLIENT, and run:

    ssh-keyscan CLIENT >> /etc/ssh/ssh_known_hosts

on the SERVER. So the keys are properly shared.

The permissions on /etc/ssh/known_hosts on each system are:

    2 -rw-r--r-- 1 root wheel

So that's it. The options are set in sshd_config, the keys have been exchanged, hosts.equiv are populated and permissions are correct.

So now I go to CLIENT and run:

    ssh user@SERVER

and I get a password prompt!!!

So what am I doing wrong?

Again - NO user keys are used and I am not interested in user keys _AT ALL_. Don't even mention the /home/user/.ssh directory. The goal here is to share one public key between SERVER and CLIENT and allow _all_ users on CLIENT to log into SERVER without a password.

So what am I doing wrong?

thanks.
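Added example, not part of the original message: a Python check of the settings that host-based authentication depends on on both ends, following the ssh_config(5) and sshd_config(5) keywords of current OpenSSH (the release the message was written against may differ). The function names, the sample file contents and the 192.0.2.10 address are constructed for illustration.

```python
# Added example; all file contents below are constructed samples.
def parse_options(text):
    """Map lower-cased keyword -> value; OpenSSH keeps the first value seen.
    Assumption: flat file, Host/Match blocks are not evaluated."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            parts = line.replace("=", " ", 1).split(None, 1)
            if len(parts) == 2:
                opts.setdefault(parts[0].lower(), parts[1].strip().lower())
    return opts

def listed_hosts(text):
    """Host names in the first field of hosts.equiv or known_hosts lines
    (assumption: plain names, no hashed entries or @markers)."""
    names = set()
    for line in text.splitlines():
        fields = line.split()
        if fields and not fields[0].startswith("#"):
            names.update(fields[0].lower().split(","))
    return names

def hostbased_gaps(ssh_config, sshd_config, equiv, known_hosts, client):
    """Return the unmet prerequisites; an empty list means none were found."""
    c, s = parse_options(ssh_config), parse_options(sshd_config)
    gaps = []
    if c.get("hostbasedauthentication", "no") != "yes":
        gaps.append("client ssh_config: HostbasedAuthentication yes")
    if c.get("enablesshkeysign", "no") != "yes":
        gaps.append("client ssh_config: EnableSSHKeysign yes")
    if s.get("hostbasedauthentication", "no") != "yes":
        gaps.append("server sshd_config: HostbasedAuthentication yes")
    if client.lower() not in listed_hosts(equiv):
        gaps.append("server hosts.equiv or shosts.equiv: client name")
    if client.lower() not in listed_hosts(known_hosts):
        gaps.append("server ssh_known_hosts: client host key")
    return gaps

# Constructed inputs: sshd_config lines as quoted in the message, a stock
# client ssh_config with everything commented out, and placeholder key data.
SSHD = "IgnoreRhosts yes\nHostbasedAuthentication yes\nIgnoreUserKnownHosts yes\n"
SSH_STOCK = "# Host *\n#   HostbasedAuthentication no\n"
SSH_SET = "HostbasedAuthentication yes\nEnableSSHKeysign yes\n"
EQUIV = "CLIENT\n"
KNOWN = "client,192.0.2.10 ssh-rsa AAAAB3...constructed\n"
if __name__ == "__main__":
    for label, cfg in (("stock", SSH_STOCK), ("set", SSH_SET)):
        print(label, hostbased_gaps(cfg, SSHD, EQUIV, KNOWN, "CLIENT"))
```

The client-side keywords live in ssh_config, not sshd_config, so a check that reads only the daemon's file on each host cannot see them.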