Hi Folks,
I have an authentication issue with ssh that i'd like to ask for clues on solving?
i have created a local host key, id_rsa.pub.
i have copied that to the remote host, .ssh/authorized_keys, and checked the perms for both ~/.ssh & .ssh/authorized_keys.
yet i get the below, ...
ssh -v -l jackc sby1.extraview.com
OpenSSH_5.2p1, OpenSSL 0.9.8k-fips 25 Mar 2009
debug1: Reading configuration data /home/jackc/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to sby1.extraview.com [10.0.0.111] port 22.
debug1: Connection established.
debug1: identity file /home/jackc/.ssh/id_rsa type 1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH_4*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'sby1.extraview.com' is known and matches the RSA host key.
debug1: Found key in /home/jackc/.ssh/known_hosts:20
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password <---- !!!!!
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No credentials cache found
debug1: Unspecified GSS failure. Minor code may provide more information
No credentials cache found
debug1: Unspecified GSS failure. Minor code may provide more information
debug1: Next authentication method: publickey
debug1: Offering public key: /home/jackc/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
Agent admitted failure to sign using the key.
debug1: Next authentication method: password
jackc@sby1.extraview.com's password:
my naive reading of the above looks like it fulfilled one authentication method, but then goes on to ask for another, in this case, a password.
my wag is that there is an /etc/pam.d config that is wrong, but this isn't my strong suit and i don't want to guess/mess around.
also, this phrase, ...
debug1: Unspecified GSS failure. Minor code may provide more information
No credentials cache found
where do i find the minor code it's referring to?
any ssh gurus out there to provide a clue?
tia, jackc...
On 04/15/2010 11:51 AM, jack craig wrote:
> Hi Folks,
> I have an authentication issue with ssh that i'd like to ask for clues on solving?
> i have created a local host key, id_rsa.pub.
> i have copied that to the remote host, .ssh/authorized_keys, and checked the perms for both ~/.ssh & .ssh/authorized_keys.
> yet i get the below, ...
> ssh -v -l jackc sby1.extraview.com
> OpenSSH_5.2p1, OpenSSL 0.9.8k-fips 25 Mar 2009
> ...
> publickey,gssapi-with-mic,password <---- !!!!!
> ...
> No credentials cache found
> ...
> No credentials cache found
> ...
> debug1: Next authentication method: publickey
> debug1: Offering public key: /home/jackc/.ssh/id_rsa
> debug1: Server accepts key: pkalg ssh-rsa blen 277
> Agent admitted failure to sign using the key.
> debug1: Next authentication method: password
> jackc@sby1.extraview.com's password:
> my naive reading of the above looks like it fulfilled one authentication method, but then goes on to ask for another, in this case, a password.
> my wag is that there is an /etc/pam.d config that is wrong, but this isn't my strong suit and i don't want to guess/mess around.
> also, this phrase, ...
> debug1: Unspecified GSS failure. Minor code may provide more information
> No credentials cache found

I wouldn't worry about GSS failure. You haven't set it up.
From URL: http://www.ssh.com/support/documentation/online/ssh/adminguide/53/userauth-gssapi.html
it explains the idea behind GSS. I tend to think of GSS as Kerberos.

> where do i find the minor code it's referring to?
> any ssh gurus out there to provide a clue?

Not sure.
When it says, "Agent admitted failure to sign using the key.", is it referring to ssh-agent?
There is a program, ssh-add, which talks to ssh-agent. I haven't used ssh-add or ssh-agent in a long time.
Before I take us down this path, which might be a wild goose chase, I better ask: are you using these?
Whenever I have publickey authentication problems, it usually is file and directory permissions. You indicated you checked ~/.ssh and ~/.ssh/authorized_keys.
As a test, could you make certain your $HOME directories, on both the local and remote machine, are not writable by anyone but owner?
Could you make sure ~/.ssh on both machines is only read/write by owner?
Could you make sure the files in ~/.ssh, such as authorized_keys, config, id_rsa, known_hosts, are only read/write by owner?
For me, anything in ~/.ssh should only be read/write by owner. Call me paranoid but only owner should have access to these files.
The one kicker I'm asking you to do is make sure both $HOME directories are, at most, readable by others, and not writable.
If you want someone to put files in your $HOME directory area, can you set up $HOME/droparea and give them read/write access to $HOME/droparea?
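The permission checks requested in the reply above, as an added example that is not part of the original thread: it reports a home directory writable by group or others and anything under ~/.ssh that is accessible to anyone but the owner. The function names are illustrative, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU coreutils `stat -c`;
# has_bits and audit_ssh_perms are illustrative names.

# Succeed if PATH has any of the octal permission bits in MASK set.
has_bits() {
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & 0$2 )) -ne 0 ]
}

# Print one line per problem under the given home directory.
# Returns 0 when everything matches the rules in the reply, 1 otherwise.
audit_ssh_perms() {
    home=$1
    bad=0

    if [ ! -d "$home" ]; then
        echo "MISSING $home"
        return 1
    fi
    # $HOME may be readable by others, but never writable by group/other.
    if has_bits "$home" 022; then
        echo "WRITABLE-BY-NON-OWNER $home"
        bad=1
    fi
    if [ ! -d "$home/.ssh" ]; then
        echo "MISSING $home/.ssh"
        return 1
    fi
    # ~/.ssh itself: no access at all for group/other (700).
    if has_bits "$home/.ssh" 077; then
        echo "NOT-OWNER-ONLY $home/.ssh"
        bad=1
    fi
    # Every regular file in ~/.ssh: owner-only, per the reply (600).
    for f in "$home"/.ssh/*; do
        [ -f "$f" ] || continue
        if has_bits "$f" 077; then
            echo "NOT-OWNER-ONLY $f"
            bad=1
        fi
    done
    return $bad
}

# Constructed demo tree (not real data): a group-writable home directory
# and a private key that group/other can read.
demo=$(mktemp -d)
mkdir "$demo/.ssh"
chmod 775 "$demo"
chmod 700 "$demo/.ssh"
: > "$demo/.ssh/id_rsa";          chmod 644 "$demo/.ssh/id_rsa"
: > "$demo/.ssh/authorized_keys"; chmod 600 "$demo/.ssh/authorized_keys"
audit_ssh_perms "$demo" ||
    echo "fix: chmod go-w \$HOME; chmod 700 ~/.ssh; chmod 600 ~/.ssh/*"
rm -rf "$demo"
```

Run `audit_ssh_perms "$HOME"` on both the client and the server, since the reply asks for the check on both machines.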
On 04/15/2010 11:49 AM, Rick Sewill wrote:
> Whenever I have publickey authentication problems, it usually is file and directory permissions. You indicated you checked ~/.ssh and ~/.ssh/authorized_keys
both the client & server have the 700 for .ssh and 600 for all .ssh/*
note also that i have the same access to different hosts in our domain. my client is fc11, but the remote hosts are centos 4 & 5.
> If you want someone to put files in your $HOME directory area, can you set up $HOME/droparea and give them read/write access to $HOME/droparea?
in this case i am just building a backup system for my client host to back up to the server. i have accts on both so i got jackc@client writing to jackc@server
Thx for your time, suggestions beyond perms?
Has anyone experienced issues with openssh 5.2 and Putty, keep getting strange behavior, i.e. putty hangs, used to work no problem with Fedora 9. Right now I have the iptables firewall disabled just to eliminate it as a problem.
On 04/15/2010 02:04 PM, Jeff Kittle wrote:
> Has anyone experienced issues with openssh 5.2 and Putty, keep getting strange behavior, i.e. putty hangs, used to work no problem with Fedora 9. Right now I have the iptables firewall disabled just to eliminate it as a problem.
if you have putty, its M$ <--->FC, true?
if so, which hangs, M$ or FC ?
MS Putty just goes somewhere, looks like it's waiting on something. I've run the sshd in debug on the Fedora side and it appears to be waiting on a response from the client side.
On 04/15/2010 03:40 PM, Jeff Kittle wrote:
> MS Putty just goes somewhere, looks like it's waiting on something. I've run the sshd in debug on the Fedora side and it appears to be waiting on a response from the client side.
my experience with XP is failures during mass ftp blasts, 5-6000 files, m$ starts dropping some xfers.
simple solution, ditch the m$ client for linux! :-P
On 04/15/2010 11:49 AM, Rick Sewill wrote:
> If you want someone to put files in your $HOME directory area, can you set up $HOME/droparea and give them read/write access to $HOME/droparea?
the plot thickens, i switch to the dsa (from rsa key) and my sessions now work fine. But!!! when i put the same command line in a cron job, i am back to passwd prompting!!!
i guess my only choice is a deep dive into ssh protocols?
tia, jackc...
I kept digging deeper on this problem and this am found the solution (or at least one solution, there may be others).
it amounted to moving the keys in my .ssh to *.bak names, logging out, logging back in, logging into the remote server, exiting, moving the keys back to their proper names and logging into remote again, this time with no pwd reqd!!!
gotta love google and james wagner (jimmyg.org).
But don't bother trying to email him, his email screening is broke.
fyi, jackc...
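An added example, not part of the original thread, that reads the `ssh -v` output quoted at the top mechanically. "Server accepts key" only means the server is willing to accept that public key; the client must still sign with the private key, and here the agent failed to do so, so publickey never completed and ssh moved on to password. The function names are illustrative; `agent_state` is included because a cron job does not inherit the login session's SSH_AUTH_SOCK.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are illustrative.

# Debug lines copied from the `ssh -v` output quoted in the thread.
sample_log() {
    cat <<'EOF'
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No credentials cache found
debug1: Next authentication method: publickey
debug1: Offering public key: /home/jackc/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
Agent admitted failure to sign using the key.
debug1: Next authentication method: password
EOF
}

# Read `ssh -v` output on stdin; print the methods the server offered,
# the methods the client tried in order, and a one-line verdict.
diagnose_ssh_debug() {
    awk '
    /Authentications that can continue:/ {
        sub(/.*continue: */, ""); sub(/ .*/, ""); offered = $0
    }
    /Next authentication method:/    { tried = tried (tried ? "," : "") $NF }
    /Offering public key:/           { key = $5 }
    # The server would take this key; no signature has been checked yet.
    /Server accepts key:/            { pk_ok = 1 }
    # The client side could not produce the signature with the private key.
    /Agent admitted failure to sign/ { agent_fail = 1 }
    /Authentication succeeded/       { gsub(/[().]/, "", $NF); ok = $NF }
    END {
        print "offered=" offered
        print "tried=" tried
        if (ok)
            print "verdict=authenticated-via-" ok
        else if (pk_ok && agent_fail)
            print "verdict=key-accepted-but-agent-failed-to-sign key=" key
        else if (key && !pk_ok)
            print "verdict=key-not-accepted-by-server key=" key
        else if (!key)
            print "verdict=no-key-offered"
        else
            print "verdict=publickey-incomplete key=" key
    }'
}

# Report whether this environment (login shell, cron job, ...) can reach
# an agent at all; compare the result between the two.
agent_state() {
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo "no-agent-socket-in-environment"
    elif [ -S "$SSH_AUTH_SOCK" ]; then
        echo "agent-socket-present"
    else
        echo "agent-socket-stale"
    fi
}

sample_log | diagnose_ssh_debug
agent_state
```

To use it on a live session, pipe the debug stream in with `ssh -v user@host true 2>&1 | diagnose_ssh_debug`.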