sshd during anaconda install

Kai Blin blin at na.uni-tuebingen.de
Fri May 14 10:05:25 UTC 2004 

Hi folks,

I noticed a strange behavior of sshd during a FC1 kickstart install. We use 
rsync/ssh to copy over config files and the like to our boxes in the %post 
script. For some reason, with FC, we're unable to log into a sshd running in 
the /mnt/sysimage changeroot using hostbased authentication. 

ssh -v shows that it gets stuck when trying to set up the hostbased 
authentication:

<snip>
debug1: Host 'na8' is known and matches the RSA host key.
debug1: Found key in /etc/ssh/ssh_known_hosts2:146
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: 
publickey,password,keyboard-interactive,hostbased
debug1: Next authentication method: hostbased

After that, it doesn't print out anything else.

I'm also attaching the sshd_config file from that box.
Any clue what could be wrong?

Thanks, 
Kai

-- 
Kai Blin, Sysop
Dept. of Numerical Algebra, University of Tübingen, Germany
-------------- next part --------------
# This is ssh server systemwide configuration file.

Port 22
#Protocol 1,2
Protocol 2
ListenAddress 0.0.0.0
HostKey /etc/ssh/ssh_host_key
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
ServerKeyBits 768
LoginGraceTime 600
KeyRegenerationInterval 3600

X11Forwarding yes
X11DisplayOffset 10
KeepAlive yes

# Logging
SyslogFacility LOCAL0
LogLevel INFO

IgnoreRhosts no
IgnoreUserKnownHosts no
PermitEmptyPasswords no
#PermitRootLogin without-password
StrictModes yes

# configurations for both protocol versions
PasswordAuthentication yes

# Protocol version 1 configurations
RhostsAuthentication no
RhostsRSAAuthentication yes
RSAAuthentication yes

# Protocol version 2 configurations
HostbasedAuthentication yes
PubkeyAuthentication yes

# Uncomment to disable s/key passwords 
# SkeyAuthentication no

# To change Kerberos options
# KerberosAuthentication no
# KerberosOrLocalPasswd yes
# AFSTokenPassing no
# KerberosTicketCleanup no
# Kerberos TGT Passing does only work with the AFS kaserver
# KerberosTgtPassing yes

#CheckMail no
UseLogin no
PrintMotd no

#Subsystem	sftp	/usr/local/sbin/sftpd

More information about the Kickstart-list mailing list