FW: OpenSSH, PAM and Host Based Authentication

Subject: FW: OpenSSH, PAM and Host Based Authentication
Date: Mon, 13 Dec 2004 19:38:14 -0000
Hello,

I'm having a few problems getting the above combination to work as expected...

I'm trying to get to a situation where my machines will accept host based authentication from each other, but require users to log in with a password from elsewhere.
I've set up a PAM stack (using pam_ldap) that works fine and set up hosts.equiv and ssh_known_hosts2.
However with both...
HostbasedAuthentication yes
And
usePam yes

I am unable to log in from the hosts listed in shosts.equiv.  Doing an ssh -v -v hostname I see....

debug2: we sent a hostbased packet, wait for reply
debug1: Remote: Accepted for myserver.mydomainl [xxx.xxx.xxx.xxx] by /etc/hosts.equiv.

But still get prompted for a password - even if I enter a correct password I'm still not allowed access.

If I disable HostbasedAuthentication password based login works fine.  Likewise if I set UsePAM no host based authentication works, but then my LDAP users cannot authenticate using a password from other machines.

I'm using OpenSSH 3.9.p1 (from the sunfreeware package) on Solaris 9 sparc with Sun's pam_ldap.

The non-default sections of my sshd_config follow:

Protocol 2
PermitRootLogin no
HostbasedAuthentication yes
PasswordAuthentication no
UsePAM yes
PrintMotd no
Banner /usr/local/etc/ssh_banner
Subsystem       sftp    /usr/local/libexec/sftp-server



BMRB International 
http://www.bmrb.co.uk
+44 (0)20 8566 5000
  • FW: OpenSSH, PAM and Host Based Authentication, Spicer, Kevin (MBLEA it)