On 04/15/2010 11:51 AM, jack craig wrote:
> Hi Folks,
>
> I have an authentication issue with ssh that i'd like to ask for clues
> on solving?
>
> i have created a local host key, id_rsa.pub.
>
> i have copied that to the remote host, .ssh/authorized_keys,
> and checked the perms for both ~/.ssh & .ssh/authorized_keys.
>
> yet i get the below, ...
>
>
> ssh -v -l jackc sby1.extraview.com
> OpenSSH_5.2p1, OpenSSL 0.9.8k-fips 25 Mar 2009 ...
> publickey,gssapi-with-mic,password <---- !!!!! ...
> No credentials cache found
> ...
> No credentials cache found
> ...
> debug1: Next authentication method: publickey
> debug1: Offering public key: /home/jackc/.ssh/id_rsa
> debug1: Server accepts key: pkalg ssh-rsa blen 277
> Agent admitted failure to sign using the key.
> debug1: Next authentication method: password
> jackc@xxxxxxxxxxxxxxxxxx's password:
>
> my naive reading of the above looks like it fulfilled
> one authentication method, but then goes on to ask for another,
> in this case, a password.
>
> my wag is that there is an /etc/pam.d config that is wrong,
> but this isn't my strong suit and i don't want to guess/mess around.
>
> also, this phrase, ...
>
> debug1: Unspecified GSS failure. Minor code may provide more information
> No credentials cache found
>

I wouldn't worry about GSS failure. You haven't set it up.

From URL:
http://www.ssh.com/support/documentation/online/ssh/adminguide/53/userauth-gssapi.html
it explains the idea behind GSS. I tend to think of GSS as Kerberos.

> where do i find the minor code its referring to?
>
> any ssh gurus out there to provide a clue?
>

Not sure. When it says, "Agent admitted failure to sign using the key.",
is it referring to ssh-agent? There is a program, ssh-add, which talks to
ssh-agent. I haven't used ssh-add or ssh-agent in a long time. Before I
take us down this path which might be a wild goose chase, I better ask:
are you using these?

Whenever I have publickey authentication problems, it usually is file and
directory permissions. You indicated you checked ~/.ssh and
~/.ssh/authorized_keys.

As a test, could you make certain your $HOME directories, on both the
local and remote machine, are not writable by anyone, but owner?

Could you make sure ~/.ssh on both machines is only read/write by owner?

Could you make sure the files in ~/.ssh, such as authorized_keys, config,
id_rsa, known_hosts, are only read/write by owner?

For me, anything in ~/.ssh should only be read/write by owner. Call me
paranoid but only owner should have access to these files.

The one kicker, I'm asking you to do, is make sure both $HOME directories
are, at most, readable, by others, and not writable. If you want someone
to put files in your $HOME directory area, can you set up $HOME/droparea
and give them read/write access to $HOME/droparea?
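
The permission checklist from the reply above, written out as a script. This is an added example, not part of the original message; the function names and finding labels are illustrative, and it assumes GNU coreutils `stat` as shipped on Fedora.

```shell
#!/bin/sh
# Audit one account against the checklist in the reply:
#   - $HOME may be readable by others but not writable by group/other
#   - ~/.ssh and every file in it must be accessible by the owner only
# Assumption: GNU stat (-c '%a'); names below are hypothetical helpers.

# mode_bits PATH MASK -> prints the octal permission bits of PATH inside MASK
mode_bits() {
    m=$(stat -L -c '%a' "$1") || return 1   # -L: judge the target of a symlink
    printf '%o\n' $(( 0$m & 0$2 ))
}

# audit_ssh_perms HOME_DIR -> one line per finding; returns 1 if any finding
audit_ssh_perms() {
    home=$1
    bad=0
    # Group/other write bits on the home directory itself (mask 022).
    if [ "$(mode_bits "$home" 022)" != 0 ]; then
        echo "GROUP-OR-OTHER-WRITABLE $home"
        bad=1
    fi
    # Any group/other bit at all on ~/.ssh or its contents (mask 077).
    for p in "$home/.ssh" "$home/.ssh"/*; do
        [ -e "$p" ] || continue             # skip an unmatched glob
        if [ "$(mode_bits "$p" 077)" != 0 ]; then
            echo "NOT-OWNER-ONLY $p"
            bad=1
        fi
    done
    return $bad
}

# Typical use, on both the local and the remote machine:
#   audit_ssh_perms "$HOME" || echo "fix the paths listed above"
```

A clean run prints nothing and returns 0; each finding names the path to tighten with chmod.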