CLARIFICATION: Sunfreeware OpenSSH 3.8p1 hostbased auth problem Solaris 9

2007-12-25 3:20:00

According to the OpenSSH documentation, the ssh client program does not
need to be suid root to use hostbased auth. There is another program
called ssh-keysign which *is* suid root and is used by the ssh client to
read the private keys.

Henceforth, that is why I classify hostbased auth only working when the
ssh client is suid root as a problem.

I'll also add that the paths to the necessary programs and libraries are
in their respective environment variables (PATH, LD_LIBRARY_PATH).

Original message below.

> Client and server are running generic Solaris 9 patched to a recent
> 9_Recommended.
>
> Both have OpenSSH 3.8p1. Sun's version of ssh has been completely removed
> (including /etc/ssh). I've also explicitly disabled OpenSSH protocol 1.
>
> Config files and keys are set properly to allow for hostbased auth.
>
> Problem: hostbased authentication only works when the client has ssh
> suid root.
>
> One of the OpenSSH devs suggested that for Solaris it could be hardcoded
> that in order to connect to a server a privileged source port must be
> used. There is a configuration file option for the ssh client which
> determines whether a privileged source port is used, but by default this
> is turned off. I've tested connecting with the option not in the config
> file and also with it explicitly set in the config file.
>
> My first question: is anybody running Solaris 9 and OpenSSH with hostbased
> authentication? If not Solaris 9 then perhaps 2.6-8?
>
> I'll summarize responses and include debug output if it's necessary to
> pinpoint the problem/solution.

--
Andrew Chaplin, System Admin II
Canisius College - Information Technology Services
2001 Main St.
Buffalo, NY 14208
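
An added example, not part of the original message: a shell audit of the least-privilege layout described above (ssh itself not setuid, ssh-keysign setuid). It also checks the ssh_config keywords HostbasedAuthentication, EnableSSHKeysign (which ssh-keysign(8) requires in the global client config) and UsePrivilegedPort; the function names are hypothetical and all paths are supplied by the caller.

```shell
#!/bin/sh
# Added example. Paths are supplied by the caller; none come from the post.

# Print the first value given for KEY in an ssh_config-style file.
# Keywords are case-insensitive; "key value" and "key=value" are accepted.
# Simplification: Host blocks are ignored, the first match in the file wins.
config_value() {
    awk -v key="$2" '
        { sub(/#.*/, "")                          # drop comments
          n = split($0, f, /[ \t=]+/)
          i = (n > 0 && f[1] == "") ? 2 : 1 }     # skip leading whitespace
        n > i && tolower(f[i]) == tolower(key) { print tolower(f[i + 1]); exit }
    ' "$1"
}

# Print findings and return 0 only when hostbased auth can run with an
# unprivileged ssh client and a setuid ssh-keysign helper.
# Only the setuid bit is tested; ownership by root is not checked here.
audit_hostbased() {
    ssh_bin=$1; keysign_bin=$2; config=$3; rc=0
    if [ -u "$ssh_bin" ]; then
        echo "FINDING: $ssh_bin is setuid; the client should not need it"
        rc=1
    fi
    if [ ! -u "$keysign_bin" ]; then
        echo "FINDING: $keysign_bin is not setuid; it cannot read host private keys"
        rc=1
    fi
    for key in HostbasedAuthentication EnableSSHKeysign; do
        if [ "$(config_value "$config" "$key")" != yes ]; then
            echo "FINDING: $key is not set to yes in $config"
            rc=1
        fi
    done
    if [ "$(config_value "$config" UsePrivilegedPort)" = yes ]; then
        echo "FINDING: UsePrivilegedPort yes needs a setuid-root ssh client"
        rc=1
    fi
    return $rc
}

# Stand-alone use: audit.sh <ssh> <ssh-keysign> <ssh_config>
if [ $# -eq 3 ]; then audit_hostbased "$@"; fi
```
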
