Re: authentication problem (solved)

I kept digging deeper on this problem and this am found the solution (or 
at least one solution, there may be others).

it amounted to moving the keys in my .ssh to *.bak names,
logging out, logging back in, logging into the remote server,
exiting, moving the keys back to their proper names and logging into 
remote again,
this time with no pwd reqd!!!

gotta love google and james wagner (jimmyg.org).

But don't bother trying to email him, his email screening is broke.

fyi, jackc...

On 04/15/2010 11:49 AM, Rick Sewill wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 04/15/2010 11:51 AM, jack craig wrote:
>    
>> Hi Folks,
>>
>> I have an authentication issue with ssh that i'd like to ask for clues
>> on solving?
>>
>> i have created a local host key, id_rsa.pub.
>>
>> i have copied that to the remote host, .ssh/authorized_keys,
>> and checked the perms for both ~/.ssh & .ssh/authorized_keys.
>>
>> yet i get the below, ...
>>
>>
>> ssh -v -l jackc sby1.extraview.com
>> OpenSSH_5.2p1, OpenSSL 0.9.8k-fips 25 Mar 2009
>>      
> ...
>    
>> publickey,gssapi-with-mic,password<---- !!!!!
>>      
> ...
>    
>> No credentials cache found
>>
>>      
> ...
>    
>> No credentials cache found
>>
>>      
> ...
>    
>> debug1: Next authentication method: publickey
>> debug1: Offering public key: /home/jackc/.ssh/id_rsa
>> debug1: Server accepts key: pkalg ssh-rsa blen 277
>> Agent admitted failure to sign using the key.
>> debug1: Next authentication method: password
>> jackc@xxxxxxxxxxxxxxxxxx's password:
>>
>> my naive reading of the above looks like it fulfilled
>> one authentication method, but then goes on to ask for another,
>> in this case, a password.
>>
>> my wag is that there is an /etc/pam.d config that is wrong,
>> but this isn't my strong suit and i don't want to guess/mess around.
>>
>> also, this phrase, ...
>>
>> debug1: Unspecified GSS failure.  Minor code may provide more information
>> No credentials cache found
>>
>>      
> I wouldn't worry about GSS failure.  You haven't set it up.
> - From URL:
> http://www.ssh.com/support/documentation/online/ssh/adminguide/53/userauth-gssapi.html
> it explains the idea behind GSS.  I tend to think of GSS as Kerberos.
>
>    
>> where do i find the minor code it's referring to?
>>
>> any ssh gurus out there to provide a clue?
>>
>>      
> Not sure.
>
> When it says, "Agent admitted failure to sign using the key.",
> is it referring to ssh-agent?
>
> There is a program, ssh-add, which talks to ssh-agent.
> I haven't used ssh-add or ssh-agent in a long time.
>
> Before I take us down this path which might be a wild goose chase,
> I better ask are you using these?
>
> Whenever I have publickey authentication problems,
> it usually is file and directory permissions.
> You indicated you checked ~/.ssh and ~/.ssh/authorized_keys
>
> As a test, could you make certain your $HOME directories,
> on both the local and remote machine, are not writable by anyone,
> but owner?
>
> Could you make sure ~/.ssh on both machines is only read/write
> by owner?
>
> Could you make sure the files in ~/.ssh, such as authorized_keys,
> config, id_rsa, known_hosts, are only read/write by owner?
>
> For me, anything in ~/.ssh should only be read/write by owner.
> Call me paranoid but only owner should have access to these files.
>
> The one kicker, I'm asking you to do, is make sure both
> $HOME directories are, at most, readable, by others, and not writable.
>
> If you want someone to put files in your $HOME directory area,
> can you set up $HOME/droparea and give them read/write access
> to $HOME/droparea?
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkvHX68ACgkQyc8Kn0p/AZSq7gCfemQ7xhl7GwPnlC1Hcrj+XlI0
> dREAn16BFmZbHBeQ8ZvcX2Hp+iCVoBy3
> =l5hs
> -----END PGP SIGNATURE-----
>    

-- 
Jack Craig
Software Engineer
831.461.7100 x120
www.extraview.com
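
The permission checks requested in the quoted reply ($HOME writable only by its owner, ~/.ssh and the files in it accessible only by their owner) can be scripted. This is an added example, not part of the original thread; the function names and the finding labels are invented for illustration, and it applies the reply's stricter owner-only rule to every file in ~/.ssh.

```shell
#!/bin/sh
# Added example (not from the thread): audit the permissions the reply asks about.
# Uses only POSIX find(1) so it does not depend on GNU stat.

# has_any_perm PATH MODE...: succeeds if PATH has the bits of at least one MODE set.
has_any_perm() {
    p=$1; shift
    for m in "$@"; do
        # -prune keeps find from descending; it prints PATH only if -perm matches.
        [ -n "$(find "$p" -prune -perm "-$m" 2>/dev/null)" ] && return 0
    done
    return 1
}

# audit_ssh_perms HOME_DIR: prints one line per finding, returns 1 if any were found.
audit_ssh_perms() {
    home=$1
    findings=0
    # $HOME may be readable by others but must not be group- or world-writable.
    if has_any_perm "$home" 020 002; then
        echo "WRITABLE-BY-OTHERS $home"
        findings=$((findings + 1))
    fi
    sshdir=$home/.ssh
    [ -d "$sshdir" ] || { echo "MISSING $sshdir"; return 1; }
    # ~/.ssh and each file in it: no group or other access of any kind.
    for f in "$sshdir" "$sshdir"/*; do
        [ -e "$f" ] || continue
        if has_any_perm "$f" 040 020 010 004 002 001; then
            echo "NOT-OWNER-ONLY $f"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Run against a home directory given on the command line, e.g.: sh audit.sh "$HOME"
[ $# -eq 0 ] || audit_ssh_perms "$1"
```

Run it on both the local and the remote account; each reported path can be corrected with `chmod go-w` for the home directory or `chmod go-rwx` for ~/.ssh and its contents.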
