As the title says. I have two Debian Jessie servers that need to communicate with each other as root (for libvirt live-migration, specifically, inb4 "don't allow SSH as root"). I'm trying to accomplish this via hostbased auth between the two servers.
Everything is set up, and works great for my normal user:
Accepted hostbased for joshua from 10.8.0.25 port 57503 ssh2: RSA th:is:no:ta:nr:sa:1k:ey, client user "joshua", client host "hv1"
However, if I try as root, it fails! I do have "PermitRootLogin yes" in my sshd_config file and have looked 5 times at all the obvious problems, but I'm just missing it. Here's the debug output from the root failure:
debug2: userauth_hostbased: chost hv1. resolvedname hv1 ipaddr 10.8.0.25
debug2: stripping trailing dot from chost hv1.
debug2: auth_rhosts2: clientuser root hostname hv1 ipaddr 10.8.0.25
debug1: temporarily_use_uid: 0/0 (e=0/0)
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 0/0 (e=0/0)
debug1: restore_uid: 0/0
Failed hostbased for root from 10.8.0.25 port 57504 ssh2: RSA th:is:no:ta:nr:sa:1k:ey, client user "root", client host "hv1"
debug3: mm_answer_keyallowed: key 0x7f850b616900 is not allowed
debug3: mm_request_send entering: type 23
debug2: userauth_hostbased: authenticated 0 [preauth]
debug3: userauth_finish: failure partial=0 next methods="publickey,hostbased" [preauth]
Connection closed by 10.8.0.25 [preauth]
I've been digging at this for over a day now and I just keep going in circles trying to decipher that debug output. What exactly is happening here?
These two commands illustrate how I'm testing:
joshua@hv1 ~ $ ssh hv2 uname -r
3.16.0-4-amd64
joshua@hv1 ~ $ sudo ssh hv2 uname -r
Permission denied (publickey,hostbased).
EDIT: SOLVED
You need to use /root/.rhosts for root hostbased auth to work, including enabling "RhostsRSAAuthentication" and disabling "IgnoreRhosts" in /etc/ssh/sshd_config. Leaving this here since none of the man pages or guides say this explicitly.
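An added example, not part of the original post: a small checker that reads an sshd_config and a /root/.rhosts and reports which of the settings named in the post's fix are absent. The sample file contents are constructed, HostbasedAuthentication is included as an assumption since the post only implies it, and the .rhosts parsing covers plain "host [user]" lines only.

```python
# Settings the post says root hostbased auth needed; HostbasedAuthentication
# itself is an assumption added here (the post only says hostbased was set up).
WANTED = {
    "permitrootlogin": "yes",
    "hostbasedauthentication": "yes",
    "rhostsrsaauthentication": "yes",
    "ignorerhosts": "no",
}

def parse_sshd_config(text):
    """Parse the global section; sshd keeps the first value seen for a keyword."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        key = parts[0].lower()          # keywords are case-insensitive
        if key == "match":              # conditional blocks are out of scope here
            break
        if len(parts) == 2:
            cfg.setdefault(key, parts[1].strip().strip('"').lower())
    return cfg

def rhosts_lists(text, host, user="root"):
    """True if a plain 'host [user]' line names this client (no +/- syntax)."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if fields and fields[0] == host and (len(fields) == 1 or fields[1] == user):
            return True
    return False

def audit(sshd_config_text, rhosts_text, client_host):
    """Return a list of differences from the configuration the post ended up with."""
    cfg = parse_sshd_config(sshd_config_text)
    findings = [f"{k} is {cfg.get(k, 'unset')!r}, post needs {v!r}"
                for k, v in WANTED.items() if cfg.get(k) != v]
    if not rhosts_lists(rhosts_text, client_host):
        findings.append(f"/root/.rhosts has no entry for {client_host}")
    return findings

# Constructed samples: the failing state and the state after the post's fix.
BEFORE_CONFIG = "PermitRootLogin yes\nHostbasedAuthentication yes\nIgnoreRhosts yes\n"
AFTER_CONFIG = ("PermitRootLogin yes\nHostbasedAuthentication yes\n"
                "RhostsRSAAuthentication yes\nIgnoreRhosts no\n")
AFTER_RHOSTS = "# constructed\nhv1 root\n"

if __name__ == "__main__":
    print(audit(BEFORE_CONFIG, "", "hv1"))
    print(audit(AFTER_CONFIG, AFTER_RHOSTS, "hv1"))
```

The same function works as an audit in the other direction: an empty result on a host where root hostbased login is not meant to be allowed is the thing to flag.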