Zach, thanks for the tip - now I see that ssh under sudo is using /root/.ssh for it's keys... sudo allows for the setting of environment variables on the command line. So Which environment variable does ssh use to determine where it looks for it's keys? I assumed it would be HOME, but under sudo HOME is set to the home directory of the user executing sudo not root's home. Thanks, Morgan. On 18/02/09 07:25, Zach wrote: > Try ssh -vvv -t [.....] > > On Mon, Feb 16, 2009 at 8:39 PM, Morgan Read <mstuff@xxxxxxxxxxx> wrote: > >> My head hurts! >> >> Can anyone help me with what follows - it shows ssh working with pki >> auth in all the permutations I thought might be possible, but lastly >> this command prompts for a password: >> # ssh -t rsync@xxxxxxxxxxxx sudo rsync -avzAXHn --delete-after >> root@xxxxxxxxxxxxx:/etc /media/bigdisk/morgansmachine/etc >> ... >> Permission denied (publickey,gssapi-with-mic,password). >> >> >> [root@morgansoldmachine /]# ssh rsync@xxxxxxxxxxxx >> Last login: Sun Feb 15 20:29:39 2009 from morgansoldmachine.lan >> [rsync@morgansmachine ~]$ logout >> Connection to 192.168.1.40 closed. >> >> [root@morgansoldmachine /]# ssh rsync@morgansmachine >> Last login: Sun Feb 15 20:31:04 2009 from morgansoldmachine.lan >> [rsync@morgansmachine ~]$ logout >> Connection to morgansmachine closed. >> >> [root@morgansoldmachine /]# ssh rsync@xxxxxxxxxxxxxxxxxx >> Last login: Sun Feb 15 20:31:18 2009 from morgansoldmachine.lan >> [rsync@morgansmachine ~]$ logout >> Connection to morgansmachine.lan closed. >> >> [root@morgansoldmachine /]# ssh rsync@xxxxxxxxxxxx >> Last login: Sun Feb 15 20:31:48 2009 from morgansoldmachine.lan >> >> [rsync@morgansmachine ~]$ ssh root@xxxxxxxxxxxxx >> Last login: Sun Feb 15 20:10:52 2009 from morgansmachine.lan >> [root@morgansoldmachine ~]# logout >> Connection to 192.168.1.100 closed. >> >> [rsync@morgansmachine ~]$ ssh root@morgansoldmachine >> Last login: Sun Feb 15 20:32:25 2009 from morgansmachine.lan >> [root@morgansoldmachine ~]# logout >> Connection to morgansoldmachine closed. >> >> [rsync@morgansmachine ~]$ ssh root@xxxxxxxxxxxxxxxxxxxxx >> Last login: Sun Feb 15 20:32:44 2009 from morgansmachine.lan >> [root@morgansoldmachine ~]# logout >> Connection to morgansoldmachine.lan closed. >> >> [rsync@morgansmachine ~]$ logout >> Connection to 192.168.1.40 closed. >> >> [root@morgansoldmachine /]# ssh -t rsync@xxxxxxxxxxxx sudo rsync >> -avzAXHn --delete-after root@xxxxxxxxxxxxx:/etc >> /media/bigdisk/morgansmachine/etc >> root@xxxxxxxxxxxxx's password: >> Permission denied, please try again. >> root@xxxxxxxxxxxxx's password: >> Permission denied, please try again. >> root@xxxxxxxxxxxxx's password: >> Permission denied (publickey,gssapi-with-mic,password). >> rsync: connection unexpectedly closed (0 bytes received so far) [receiver] >> rsync error: error in rsync protocol data stream (code 12) at io.c(600) >> [receiver=3.0.5] >> Connection to 192.168.1.40 closed. >> [root@morgansoldmachine /]# >> >> >> Thanks, >> Morgan. >> -- >> Getting errors: "There are problems with the signature" (or similar)? >> Update your system by installing certificates from CAcert Inc, see here: >> >> http://wiki.cacert.org/wiki/BrowserClients?#head-259758ec5ba51c5205cfb179cf60e0b54d9e378b >> Or, if Internet Explorer is your default browser, simply click this link: >> http://www.cacert.org/index.php?id=17 >> >> Morgan Read >> NEW ZEALAND >> <mailto:mstuffATreadDOTorgDOTnz> >> >> fedora + freedom; fact || fiction? >> http://fedoraproject.org/wiki/Overview >> get freed-ora! >> http://www.fsfla.org/svnwiki/selibre/linux-libre/freed-ora >> >> > -- Getting errors: "There are problems with the signature" (or similar)? Update your system by installing certificates from CAcert Inc, see here: http://wiki.cacert.org/wiki/BrowserClients?#head-259758ec5ba51c5205cfb179cf60e0b54d9e378b Or, if Internet Explorer is your default browser, simply click this link: http://www.cacert.org/index.php?id=17 Morgan Read NEW ZEALAND <mailto:mstuffATreadDOTorgDOTnz> fedora + freedom; fact || fiction? http://fedoraproject.org/wiki/Overview get freed-ora! http://www.fsfla.org/svnwiki/selibre/linux-libre/freed-ora
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature