authentication problem

Jeff Kittle jkittle at wi.rr.com
Thu Apr 15 22:40:04 UTC 2010


MS Putty just goes some where, looks like it's waiting on something. I've
run the sshd in debug on the
Fedora side and it appears to be waiting on a response from the client side.

-----Original Message-----
From: users-bounces at lists.fedoraproject.org
[mailto:users-bounces at lists.fedoraproject.org] On Behalf Of jack craig
Sent: Thursday, April 15, 2010 4:37 PM
To: Community support for Fedora users
Subject: Re: authentication problem

On 04/15/2010 02:04 PM, Jeff Kittle wrote:
> Has anyone experienced issues with openssh 5.2 and Putty, keep getting
> strange behavior, IE: putty hangs, used
> To work no problem with Fedora 9. Right now I have the iptables firewall
> disabled just to eliminate it as
> A problem.
>
>
>
> -----Original Message-----
> From: users-bounces at lists.fedoraproject.org
> [mailto:users-bounces at lists.fedoraproject.org] On Behalf Of jack craig
> Sent: Thursday, April 15, 2010 3:58 PM
> To: users at lists.fedoraproject.org
> Subject: Re: authentication problem
>
> On 04/15/2010 11:49 AM, Rick Sewill wrote:
>    
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On 04/15/2010 11:51 AM, jack craig wrote:
>>
>>      
>>> Hi Folks,
>>>
>>> I have an authentication issue with ssh that i'd like to ask for clues
>>> on solving?
>>>
>>> i have created a local host key, id_rsa.pub.
>>>
>>> i have copied that to the remote host, .ssh/authorized_keys,
>>> and checked the perms for both ~/.ssh&   .ssh/authorized_keys.
>>>
>>> yet i get the below, ...
>>>
>>>
>>> ssh -v -l jackc sby1.extraview.com
>>> OpenSSH_5.2p1, OpenSSL 0.9.8k-fips 25 Mar 2009
>>>
>>>        
>> ...
>>
>>      
>>> publickey,gssapi-with-mic,password<---- !!!!!
>>>
>>>        
>> ...
>>
>>      
>>> No credentials cache found
>>>
>>>
>>>        
>> ...
>>
>>      
>>> No credentials cache found
>>>
>>>
>>>        
>> ...
>>
>>      
>>> debug1: Next authentication method: publickey
>>> debug1: Offering public key: /home/jackc/.ssh/id_rsa
>>> debug1: Server accepts key: pkalg ssh-rsa blen 277
>>> Agent admitted failure to sign using the key.
>>> debug1: Next authentication method: password
>>> jackc at sby1.extraview.com's password:
>>>
>>> my naive reading of the above looks like it fulfilled
>>> one authentication method, but then goes on to ask for another,
>>> in this case, a password.
>>>
>>> my wag is that there is an /etc/pam.d config that is wrong,
>>> but this isn't my strong suite and i don't want to guess/mess around.
>>>
>>> also, this phrase, ...
>>>
>>> debug1: Unspecified GSS failure.  Minor code may provide more
information
>>> No credentials cache found
>>>
>>>
>>>        
>> I wouldn't worry about GSS failure.  You haven't set it up.
>> - From URL:
>>
>>      
>
http://www.ssh.com/support/documentation/online/ssh/adminguide/53/userauth-g
> ssapi.html
>    
>> it explains the idea behind GSS.  I tend to think of GSS as Kerberos.
>>
>>
>>      
>>> where do i find the minor code its referring to?
>>>
>>> any ssh guru's out there to provide  a clue?
>>>
>>>
>>>        
>> Not sure.
>>
>> When it says, "Agent admitted failure to sign using the key.",
>> is it referring to ssh-agent?
>>
>> There is a program, ssh-add, which talks to ssh-agent.
>> I haven't used ssh-add or ssh-agent in a long time.
>>
>> Before I take us down this path which might be a wild good chase,
>> I better ask are you using these?
>>
>> Whenever I have publickey authentication problems,
>> it usually is file and directory permissions.
>> You indicated you checked ~/.ssh and ~/.ssh/authorized_keys
>>
>>      
> both the client&  server have the 700 for .ssh and 600 for all .ssh/*
>
> note also that i have the same access to different hosts in our domain.
> my client is fc11, but the remote hosts are centos 4&  5.
>
>    
>> As a test, could you make certain your $HOME directories,
>> on both the local and remote machine, are not writable by anyone,
>> but owner?
>>
>> Could you make sure ~/.ssh on both machines is only read/write
>> by owner?
>>
>> Could you make sure the files in ~/.ssh, such as authorized_keys,
>> config, id_rsa, known_hosts, are only read/write by owner?
>>
>> For me, anything in ~/.ssh should only be read/write by owner.
>> Call me paranoid but only owner should have access to these files.
>>
>> The one kicker, I'm asking you to do, is make sure both
>> $HOME directories are, at most, readable, by others, and not writable.
>>
>> If you want someone to put files in your $HOME directory area,
>> can you set up $HOME/droparea and give them read/write access
>> to $HOME/droparea?
>>
>>      
> in this case i am just building a backup system for my client host to
> back up to he server.
> i have accts on both so i got jackc at client writing to jackc at server
>
> Thx for you time, suggestions beyond perms?
>
>    
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.10 (GNU/Linux)
>> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
>>
>> iEYEARECAAYFAkvHX68ACgkQyc8Kn0p/AZSq7gCfemQ7xhl7GwPnlC1Hcrj+XlI0
>> dREAn16BFmZbHBeQ8ZvcX2Hp+iCVoBy3
>> =l5hs
>> -----END PGP SIGNATURE-----
>>
>>      
>
>    
if you have putty, its M$ <--->FC, true?

if so,  which hangs, M$ or FC ?


-- 
Jack Craig
Software Engineer
831.461.7100 x120
www.extraview.com

-- 
users mailing list
users at lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines



More information about the users mailing list