Re: authentication problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/15/2010 11:51 AM, jack craig wrote:
> Hi Folks,
> 
> I have an authentication issue with ssh that i'd like to ask for clues
> on solving?
> 
> i have created a local host key, id_rsa.pub.
> 
> i have copied that to the remote host, .ssh/authorized_keys,
> and checked the perms for both ~/.ssh & .ssh/authorized_keys.
> 
> yet i get the below, ...
> 
> 
> ssh -v -l jackc sby1.extraview.com
> OpenSSH_5.2p1, OpenSSL 0.9.8k-fips 25 Mar 2009
...
> publickey,gssapi-with-mic,password  <---- !!!!!
...
> No credentials cache found
> 
...
> No credentials cache found
> 
...
> debug1: Next authentication method: publickey
> debug1: Offering public key: /home/jackc/.ssh/id_rsa
> debug1: Server accepts key: pkalg ssh-rsa blen 277
> Agent admitted failure to sign using the key.
> debug1: Next authentication method: password
> jackc@xxxxxxxxxxxxxxxxxx's password:
> 
> my naive reading of the above looks like it fulfilled
> one authentication method, but then goes on to ask for another,
> in this case, a password.
> 
> my wag is that there is an /etc/pam.d config that is wrong,
> but this isn't my strong suite and i don't want to guess/mess around.
> 
> also, this phrase, ...
> 
> debug1: Unspecified GSS failure.  Minor code may provide more information
> No credentials cache found
> 

I wouldn't worry about GSS failure.  You haven't set it up.
- From URL:
http://www.ssh.com/support/documentation/online/ssh/adminguide/53/userauth-gssapi.html
it explains the idea behind GSS.  I tend to think of GSS as Kerberos.

> where do i find the minor code its referring to?
> 
> any ssh guru's out there to provide  a clue?
> 

Not sure.

When it says, "Agent admitted failure to sign using the key.",
is it referring to ssh-agent?

There is a program, ssh-add, which talks to ssh-agent.
I haven't used ssh-add or ssh-agent in a long time.

Before I take us down this path which might be a wild good chase,
I better ask are you using these?

Whenever I have publickey authentication problems,
it usually is file and directory permissions.
You indicated you checked ~/.ssh and ~/.ssh/authorized_keys

As a test, could you make certain your $HOME directories,
on both the local and remote machine, are not writable by anyone,
but owner?

Could you make sure ~/.ssh on both machines is only read/write
by owner?

Could you make sure the files in ~/.ssh, such as authorized_keys,
config, id_rsa, known_hosts, are only read/write by owner?

For me, anything in ~/.ssh should only be read/write by owner.
Call me paranoid but only owner should have access to these files.

The one kicker, I'm asking you to do, is make sure both
$HOME directories are, at most, readable, by others, and not writable.

If you want someone to put files in your $HOME directory area,
can you set up $HOME/droparea and give them read/write access
to $HOME/droparea?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkvHX68ACgkQyc8Kn0p/AZSq7gCfemQ7xhl7GwPnlC1Hcrj+XlI0
dREAn16BFmZbHBeQ8ZvcX2Hp+iCVoBy3
=l5hs
-----END PGP SIGNATURE-----
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux