On Mon, 12 Dec 2005 20:37:33 +0100, Leif Nixon <[log in to unmask]> wrote:

>Just to be certain, can you please redo the debug log experiment,
>specifying "/usr/sbin/sshd" instead of just "sshd"?

Just to be sure that we are talking about the same thing, as root@CEhost I run 
# /usr/sbin/sshd -d -d -p 2022
Password:
debug2: read_server_config: filename /etc/ssh/sshd_config
debug1: sshd version OpenSSH_3.6.1p2
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
socket: Address family not supported by protocol
debug1: Bind to port 2022 on 0.0.0.0.
Server listening on 0.0.0.0 port 2022.
Generating 768 bit RSA key.
RSA key generation complete.

Then as dteam001@WNhost I run 
% scp -B -P 2022 grid.bccs.uib.no:/export/home/dteam001/pbs_sub /tmp
Environment:
  USER=dteam001
  LOGNAME=dteam001
  HOME=/home/dteam001
  PATH=/usr/local/bin:/bin:/usr/bin
  MAIL=/var/mail/dteam001
  SHELL=/bin/bash
  SSH_CLIENT=10.255.255.254 45350 2022
  SSH_CONNECTION=10.255.255.254 45350 129.177.120.153 2022
pbs_sub                                                                100%
  23    13.2KB/s   00:00    

It works (the same with the command run as user dteam001: scp -B -P 2022
[log in to unmask]:/export/home/dteam001/pbs_sub /tmp)

On the server side (CEhost) I get the following log:
[snip]
debug1: userauth-request for user dteam001 service ssh-connection method none
debug1: attempt 0 failures 0
debug1: Starting up PAM with username "dteam001"
Failed none for dteam001 from 10.255.255.254 port 45353 ssh2
debug1: PAM setting rhost to "compute-0-0.local"
debug1: userauth-request for user dteam001 service ssh-connection method
hostbased
debug1: attempt 1 failures 1
debug1: userauth_hostbased: cuser dteam001 chost compute-0-0.local. pkalg
ssh-dss slen 55
debug1: temporarily_use_uid: 18118/2688 (e=0/0)
debug1: restore_uid: 0/0
Failed hostbased for dteam001 from 10.255.255.254 port 45353 ssh2
debug1: userauth-request for user dteam001 service ssh-connection method
hostbased
debug1: attempt 2 failures 2
debug1: userauth_hostbased: cuser dteam001 chost compute-0-0.local. pkalg
ssh-rsa slen 143
debug1: temporarily_use_uid: 18118/2688 (e=0/0)
debug1: restore_uid: 0/0
debug1: ssh_rsa_verify: signature correct
Accepted hostbased for dteam001 from 10.255.255.254 port 45353 ssh2
Accepted hostbased for dteam001 from 10.255.255.254 port 45353 ssh2
debug1: monitor_child_preauth: dteam001 has been authenticated by privileged
process
debug1: PAM establishing creds
debug1: permanently_set_uid: 18118/2688
debug1: Entering interactive session for SSH2.
debug1: fd 7 setting O_NONBLOCK
debug1: fd 8 setting O_NONBLOCK
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 0 win 131072 max 32768
debug1: input_session_request
debug1: channel 0: new [server-session]
[snip]

On the WN I get with one -v, i.e. the command scp -B -P 2022 -v
[log in to unmask]:/export/home/dteam001/pbs_sub /tmp

[snip]
debug1: Authentications that can continue: publickey,password,hostbased
debug1: Next authentication method: hostbased
debug1: Remote: Accepted for compute-0-0.local [10.255.255.254] by
/etc/hosts.equiv.
debug1: Authentications that can continue: publickey,password,hostbased
debug1: Remote: Accepted for compute-0-0.local [10.255.255.254] by
/etc/hosts.equiv.
debug1: Authentication succeeded (hostbased).
[snip]

Now the same experiment but the scp on the WN is run by root instead dteam001:
# /usr/bin/scp -B -P 2022 -v
[log in to unmask]:/export/home/dteam001/pbs_sub /tmp

Log of the server on CEhost
[snip]
debug1: userauth-request for user dteam001 service ssh-connection method none
debug1: attempt 0 failures 0
debug1: Starting up PAM with username "dteam001"
Failed none for dteam001 from 10.255.255.254 port 45354 ssh2
debug1: PAM setting rhost to "compute-0-0.local"
debug1: userauth-request for user dteam001 service ssh-connection method
hostbased
debug1: attempt 1 failures 1
debug1: userauth_hostbased: cuser root chost compute-0-0.local. pkalg
ssh-dss slen 55
debug1: temporarily_use_uid: 18118/2688 (e=0/0)
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 18118/2688 (e=0/0)
debug1: restore_uid: 0/0
Failed hostbased for dteam001 from 10.255.255.254 port 45354 ssh2
debug1: userauth-request for user dteam001 service ssh-connection method
hostbased
debug1: attempt 2 failures 2
debug1: userauth_hostbased: cuser root chost compute-0-0.local. pkalg
ssh-rsa slen 143
debug1: temporarily_use_uid: 18118/2688 (e=0/0)
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 18118/2688 (e=0/0)
debug1: restore_uid: 0/0
Failed hostbased for dteam001 from 10.255.255.254 port 45354 ssh2

Log of the scp client on the WNhost:
[snip]
debug1: Authentications that can continue: publickey,password,hostbased
debug1: Next authentication method: hostbased
debug1: Authentications that can continue: publickey,password,hostbased
debug1: Authentications that can continue: publickey,password,hostbased
debug1: No more client hostkeys for hostbased authentication.
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug1: No more authentication methods to try.

Sincerely,

Patrick