would it be possible to see the script? first thing that comes to mind obviously is the password isn't being entered in correctly, maybe theres some whitespace or something wrong with the script? >>> Greg Hauptmann <greg.hauptmann.ruby@xxxxxxxxx> 2/6/2009 11:38 AM >>> Hi guys, I'm stuck on this. I can ssh my target prod server (call it server A), and from there ssh into my repo server (say server B) fine. When I run some scripts that are accessing server B from server A via ssh however they get a a "failed password". Any ideas? What is the difference from server B's perspective how the ssh connection is being established? Here's a tail of the secure.log from Server B for both cases. ---------- server B log when "manually ssh'ing in " ------------------- Feb 6 15:23:18 Macintosh-2 com.apple.SecurityServer[21]: checkpw() succeeded, creating credential for user greg Feb 6 15:23:18 Macintosh-2 com.apple.SecurityServer[21]: checkpw() succeeded, creating shared credential for user greg Feb 6 15:23:18 Macintosh-2 com.apple.SecurityServer[21]: Succeeded authorizing right system.login.tty by client /usr/sbin/sshd for authorization created by /usr/sbin/sshd. Feb 6 15:23:18 Macintosh-2 sshd[2372]: Accepted keyboard-interactive/pam for greg from 10.1.1.1 port 49636 ssh2 --------- server B log when scripts are trying to access ------------ Feb 6 15:23:53 Macintosh-2 sshd[2414]: error: PAM: Authentication failure for greg from home.gregsdomainname.org Feb 6 15:23:53: --- last message repeated 2 times --- Feb 6 15:23:53 Macintosh-2 sshd[2414]: Failed password for greg from 10.1.1.1 port 50366 ssh2 Not sure if it's significant, however I acutally trigger the scripts running on Server A from Server B itself. Hence end-to-end it is: Server A (run capistrano init) ==ssh==> Sever B (run scripts) ====ssh===>Server A Server B ssh config (/etc/ssh_config) ========================= Macintosh-2:etc greg$ cat /etc/ssh_config # Host * # ForwardAgent no # ForwardX11 no # RhostsRSAAuthentication no # RSAAuthentication yes PasswordAuthentication yes # HostbasedAuthentication no # GSSAPIAuthentication yes # GSSAPIDelegateCredentials no # GSSAPIKeyExchange yes # GSSAPITrustDNS no # BatchMode no # CheckHostIP yes # AddressFamily any # ConnectTimeout 0 # StrictHostKeyChecking ask # IdentityFile ~/.ssh/identity # IdentityFile ~/.ssh/id_rsa # IdentityFile ~/.ssh/id_dsa # Port 22 # Protocol 2,1 # Cipher 3des # Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc # EscapeChar ~ # Tunnel no # TunnelDevice any:any # PermitLocalCommand no Thanks
