Mailing-List:	contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
List-Subscribe:	<mailto:cygwin-subscribe AT sources DOT redhat DOT com>
List-Archive:	<http://sources.redhat.com/ml/cygwin/>
List-Post:	<mailto:cygwin AT sources DOT redhat DOT com>
List-Help:	<mailto:cygwin-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender:	cygwin-owner AT sources DOT redhat DOT com
Delivered-To:	mailing list cygwin AT sources DOT redhat DOT com
Message-ID:	<001f01c12ed6$46ceedd0$525aa8c0@ise.ch>
From:	"Anatol Studler" <studler AT ise DOT ch>
To:	<cygwin AT cygwin DOT com>
Cc:	"Andreas Bischoff" <bischoff AT ise DOT ch>
Subject:	SSHD without password permission denied
Date:	Mon, 27 Aug 2001 10:57:15 +0200
Organization:	ISE Integrated Systems Engineering AG
MIME-Version:	1.0
X-Priority:	3
X-MSMail-Priority:	Normal
X-Mailer:	Microsoft Outlook Express 6.00.2526.0000
X-MimeOLE:	Produced By Microsoft MimeOLE V6.00.2526.0000

Hi

I installed the latest cygwin (1.3.2) downloaded @ 27.8.2001 an windows 2000
server sp2.

I did:

modified the system variable "CYGWIN=ntea ntsec title strip_title"
mkpasswd -d > /etc/passwd
mkgroup  -d > /etc/group
iu-config (for telnet)
inetd --install-as-service
ssh-host-config (configured sshd as service and with option "ntsec tty")

After that sshd was running fine as a service with the default settings.
After changing the settings to our needs:

IgnoreRhosts no
StrictModes yes
RhostsAuthentication yes
RhostsRSAAuthentication yes
RSAAuthentication yes
PasswordAuthentication no


modified /etc/hosts.equiv
added host antares /etc/ssh_known_hosts (copied ssh_know_hosts from another
host)

I got a PERMISSION DENIED.

Here is the sshd log:

--------------------------
$ /usr/sbin/sshd -d
debug1: Seeding random number generator
debug1: sshd version OpenSSH_2.9p2
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 22 on 192.168.90.153.
Server listening on 192.168.90.153 port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from 192.168.90.43 port 33271
debug1: Client protocol version 1.5; client software version OpenSSH_2.9p1
debug1: match: OpenSSH_2.9p1 pat ^OpenSSH
debug1: Local version string SSH-1.99-OpenSSH_2.9p2
debug1: Rhosts Authentication disabled, originating port not trusted.
debug1: Sent 768 bit server key and 1024 bit host key.
debug1: Encryption type: 3des
debug1: Received session key; encryption turned on.
debug1: Installing crc compensation attack detector.
debug1: Attempting authentication for studler.
debug1: Trying rhosts with RSA host authentication for client user studler
debug1: temporarily_use_uid: 11107/10513 (e=10500)
debug1: restore_uid
debug1: Rhosts RSA authentication: canonical host antares.ise.ch
debug1: temporarily_use_uid: 11107/10513 (e=10500)
debug1: restore_uid
debug1: Rhosts with RSA host authentication denied: unknown or invalid host
key
Failed rhosts-rsa for studler from 192.168.90.43 port 33271 ruser studler
debug1: temporarily_use_uid: 11107/10513 (e=10500)
debug1: restore_uid
Failed rsa for studler from 192.168.90.43 port 33271
Connection closed by 192.168.90.43
debug1: Calling cleanup 0x415ec4(0x0)
--------------------------

What is the problem ? Wy do we get

Rhosts Authentication disabled, originating port not trusted.

Here is also the ssh client log:

--------------------------
[antares] /home/admin/documentation/win2000 > ssh -v nt115t
OpenSSH_2.9p1, SSH protocols 1.5/2.0, OpenSSL 0x0090601f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be
trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 20885 geteuid 0 anon 1
debug1: Connecting to nt115t [192.168.90.153] port 22.
debug1: temporarily_use_uid: 20885/100 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 20885/100 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: identity file /home/studler/.ssh/identity type 0
debug1: identity file /home/studler/.ssh/id_rsa type 1
debug1: identity file /home/studler/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_2.9p2
debug1: match: OpenSSH_2.9p2 pat ^OpenSSH
debug1: Local version string SSH-1.5-OpenSSH_2.9p1
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (1024 bits).
debug1: Host 'nt115t' is known and matches the RSA1 host key.
debug1: Found key in /home/studler/.ssh/known_hosts:1
debug1: Encryption type: 3des
debug1: Sent encrypted session key.
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug1: Trying rhosts or /etc/hosts.equiv with RSA host authentication.
debug1: Remote: Accepted for antares.ise.ch [192.168.90.43] by
/etc/hosts.equiv.
debug1: Remote: Your host key cannot be verified: unknown or invalid host
key.
debug1: Server refused our rhosts authentication or host key.
debug1: Trying RSA authentication with key 'studler AT NT115T'
debug1: Server refused our key.
Permission denied.
debug1: Calling cleanup 0x8064ea0(0x0)
--------------------------

Thanks in advance for any help

./Anatol


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -