Hostbased Authentication

Kesavan · September 10, 2010, 7:11am

How to setup a host based Authentication for a server and a client,or for a server and more clients?
Can someone help me in this please.......

zaxxon · September 10, 2010, 7:16am

As part of ssh or just as a tcp wrapper like using /etc/hosts.allow and /etc/hosts.deny??

Kesavan · September 10, 2010, 7:22am

As a part of ssh....
Thanks for your assistance in advance..

zaxxon · September 10, 2010, 7:31am

From man page of sshd_config:

          HostbasedAuthentication
               Specifies whether rhosts or /etc/hosts.equiv
               authentication together with successful public key
               client host authentication is allowed (hostbased
               authentication).  This option is similar to
               RhostsRSAAuthentication and applies to protocol version
               2 only.  The default is ``no''.

So edit your /etc/ssh/sshd_config accordingly, setting HostbasedAuthentication yes, restart sshd and play arround with filling /etc/hosts.equiv with names/ip-addresses.

Kesavan · September 10, 2010, 7:50am

zaxxon:

From man page of sshd_config:
   HostbasedAuthentication
   Specifies whether rhosts or /etc/hosts.equiv
   authentication together with successful public key
   client host authentication is allowed (hostbased
   authentication).  This option is similar to
   RhostsRSAAuthentication and applies to protocol version
   2 only.  The default is ``no''.
So edit your /etc/ssh/sshd_config accordingly, setting HostbasedAuthentication yes, restart sshd and play arround with filling /etc/hosts.equiv with names/ip-addresses.

iam a newbie, sorry for asking too much questions,
does this applies for both client and server?

zaxxon · September 10, 2010, 7:56am

No worries. It applies to any machine where a sshd is running. ssh_config is for client config and sshd_config is for server config. If there is a acting as a server, you have to edit it's /etc/ssh/sshd_config and restart it's sshd, plus editing the hosts.equiv to your needs. If you come from another box like a pc with putty or ssh client from a linux box for example, you do not have to edit or restart anything on the client.

Kesavan · September 10, 2010, 9:13am

i did the configurations, i enabled the HostbasedAuthentication yes in both the ssh_config of client and sshd_config of server. Then i added the the client hostname and ip in the following manner in etc/hosts.equiv file of the server.

                      clienthost  ip

but when i gave ssh server from the client it is asking for the password.
Please correct me if i were wrong in any of the above mentioned scenarios...

Kesavan · September 14, 2010, 12:42am

Thanks for the help guys...

I got it worked, one of my friend helped me...we just need to add the
rsa - public key of the client to the authorized_keys file in the .ssh directory of the user in the server..

u can do it by the following commands

ssh-keygen -t rsa ---- this will create the rsa key in the client.

create a directory called ".ssh" in the home directory of "root" in the server, if it is not present.

  cat /root/.ssh/id_rsa.pub | ssh root@&lt;ip&gt; 'cat &gt;&gt; /root/.ssh/authorized_keys'

That's it..............

pludi · September 14, 2010, 1:08am

By your description you didn't set up Host Based Authentication, but plain old simple Public Key Authentication. BIG difference if one know what these 2 terms really mean, and as such it's no wonder our solution was different from what you wanted.

Kesavan · September 14, 2010, 5:12am

Thanks man...
As i have posted before iam a newbie to linux...
i was trying to learn hostbasedauthentication, one of my friend offered this solution for a passwordless authentication, i assumed it was hostbased.
Thanks for your reply, so that i came to know the difference between the public key authentication and hostbasedauthentication...
Thanks a lot ....