Check acl of .ssh folder it should be only readable by the user (or
almost).
On 24 janv. 05, at 11:00, Oliver Keeble wrote:
> Have your ssh keys changed? If so, you should verify that the
> old
> ones aren't still in /etc/ssh/ssh_known_hosts on the CE.
> HostbasedAuthentication has to be turned on in /etc/ssh/sshd_config,
> but
> given the error message I suspect it already is.
>
> -Oliver
>
> --------------------------------------------------------------------
> Oliver Keeble Information Technology Department
> [log in to unmask] CERN
> +41 22 76 74929 CH-1211 Geneva 23
>
> On Fri, 21 Jan 2005, Lev Shamardin wrote:
>
>> Hi all,
>>
>> We are migrating to LCG-2_3_0 and after upgrade of the CE and SE to
>> SL3.03
>> hostbased authentication in ssh stopped working.
>>
>> The debug log on the CE says:
>>
>> debug1: userauth_hostbased: cuser cms002 chost lcg23.sinp.msu.ru.
>> pkalg ssh-rsa slen 143
>> debug3: mm_key_allowed entering
>> debug3: mm_request_send entering: type 20
>> debug3: monitor_read: checking request 20
>> debug3: mm_answer_keyallowed entering
>> debug3: mm_answer_keyallowed: key_from_blob: 0x86c2988
>> debug2: userauth_hostbased: chost lcg23.sinp.msu.ru. resolvedname
>> lcg23.sinp.msu.ru ipaddr 213.131.5.23
>> debug2: stripping trailing dot from chost lcg23.sinp.msu.ru.
>> debug2: auth_rhosts2: clientuser cms002 hostname lcg23.sinp.msu.ru
>> ipaddr 213.131.5.23
>> debug1: temporarily_use_uid: 20002/510 (e=0/0)
>> debug1: restore_uid: 0/0
>> debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED
>> debug3: mm_request_receive_expect entering: type 21
>> debug1: temporarily_use_uid: 20002/510 (e=0/0)
>> debug1: restore_uid: 0/0
>> debug3: mm_answer_keyallowed: key 0x86c2988 is disallowed
>> debug3: mm_request_send entering: type 21
>> debug3: mm_request_receive entering
>> debug3: mm_request_receive entering
>> debug2: userauth_hostbased: authenticated 0
>> Failed hostbased for cms002 from 213.131.5.23 port 32817 ssh2
>>
>> What can be wrong? The host keys are up to date, they were updated
>> with the
>> edg-pbs-knownhosts script.
>>
>> --
>> Lev.
>>
>>
--
Louis Poncet
Where: Bat28-R-003 CERN
CH-1211 Geneve 23
Mail : [log in to unmask]
Phone: +41(0)227.674.231
LAL / IN2P3 / CNRS / CERN
Problem >> RTFM then google it !
|