sshd during anaconda install
Kai Blin
blin at na.uni-tuebingen.de
Fri May 14 10:05:25 UTC 2004
Hi folks,
I noticed a strange behavior of sshd during a FC1 kickstart install. We use
rsync/ssh to copy over config files and the like to our boxes in the %post
script. For some reason, with FC, we're unable to log into a sshd running in
the /mnt/sysimage changeroot using hostbased authentication.
ssh -v shows that it gets stuck when trying to set up the hostbased
authentication:
<snip>
debug1: Host 'na8' is known and matches the RSA host key.
debug1: Found key in /etc/ssh/ssh_known_hosts2:146
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue:
publickey,password,keyboard-interactive,hostbased
debug1: Next authentication method: hostbased
After that, it doesn't print out anything else.
I'm also attaching the sshd_config file from that box.
Any clue what could be wrong?
Thanks,
Kai
--
Kai Blin, Sysop
Dept. of Numerical Algebra, University of Tübingen, Germany
-------------- next part --------------
# This is ssh server systemwide configuration file.
Port 22
#Protocol 1,2
Protocol 2
ListenAddress 0.0.0.0
HostKey /etc/ssh/ssh_host_key
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
ServerKeyBits 768
LoginGraceTime 600
KeyRegenerationInterval 3600
X11Forwarding yes
X11DisplayOffset 10
KeepAlive yes
# Logging
SyslogFacility LOCAL0
LogLevel INFO
IgnoreRhosts no
IgnoreUserKnownHosts no
PermitEmptyPasswords no
#PermitRootLogin without-password
StrictModes yes
# configurations for both protocol versions
PasswordAuthentication yes
# Protocol version 1 configurations
RhostsAuthentication no
RhostsRSAAuthentication yes
RSAAuthentication yes
# Protocol version 2 configurations
HostbasedAuthentication yes
PubkeyAuthentication yes
# Uncomment to disable s/key passwords
# SkeyAuthentication no
# To change Kerberos options
# KerberosAuthentication no
# KerberosOrLocalPasswd yes
# AFSTokenPassing no
# KerberosTicketCleanup no
# Kerberos TGT Passing does only work with the AFS kaserver
# KerberosTgtPassing yes
#CheckMail no
UseLogin no
PrintMotd no
#Subsystem sftp /usr/local/sbin/sftpd
More information about the Kickstart-list
mailing list