William Hooper wrote:
And you are using the -i option to tell ssh what key to use, right? Perhaps you can provide us with some ssh debug output?

Your suggestion to supply debug output led me to some experimentation to supply that output, and that then led me to conclude that I'm not understanding what certain options are supposed to do.
Here's a base ssh_config file I started with:

Host *
    BatchMode no
    ChallengeResponseAuthentication yes
    ForwardX11 yes
    HostbasedAuthentication no
    HostKeyAlgorithms ssh-rsa,ssh-dss
    KerberosAuthentication no
    PasswordAuthentication yes
    PreferredAuthentications publickey,keyboard-interactive,password
    Protocol 2
    PubkeyAuthentication yes
    RhostsAuthentication no
    RhostsRSAAuthentication no
    RSAAuthentication no
I took this file and modified only one line of it - the PreferredAuthentications line to specify only one method at a time, and then hit a remote box via the ssh command. The remote box has authorized_key* files that contain the keys for the box local to me. When I use an agent, it's seamless. What I'm trying to set up is working without an agent.
With no agent running and with:
PreferredAuthentications publickey
I ssh to the remote box and get the passphrase prompt only, which is what I was after originally.
Then I thought, "Wait a minute, that looks like keyboard interaction to me, so what does the 'keyboard-interactive' option do?"
So, with no agent running and with:
PreferredAuthentications keyboard-interactive
I ssh to the remote box and get the password prompt only. Now that is keyboard interactive, but I never specified it to use the password method. Strange.
So, with no agent running and with:
PreferredAuthentications password
I ssh to the remote box and get thrown out immediately.
Very confusing!
I've Googled and man paged to try to get definitions for keyboard-interactive and ChallengeResponseAuthentication as they appear to have something to do with this confusion.
If you can shed some light on this I'd appreciate it.
--
Bill Gradwohl
bill@xxxxxxx
http://www.ycc.com
spamSTOMPER Protected email
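
An added example, not part of the original message: a shell helper that reads `ssh -v` debug output and reports which methods from a PreferredAuthentications list the server actually offers, which is the check that separates the three experiments above. The function names and the sample log are constructed for illustration; the sample assumes a server that advertises only publickey and keyboard-interactive, one configuration consistent with the password-only attempt being refused.

```shell
#!/bin/sh
# Added example: compare a client's PreferredAuthentications list with the
# methods the server advertises in `ssh -v` debug output (read from stdin).

# Constructed sample of debug output for a password-only attempt against a
# server assumed to offer only publickey and keyboard-interactive.
sample_log() {
    cat <<'EOF'
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: No more authentication methods to try.
Permission denied (publickey,keyboard-interactive).
EOF
}

# Print the methods from the first "can continue" line, one per line.
offered_methods() {
    sed -n '/^debug1: Authentications that can continue: /{s///p;q;}' | tr ',' '\n'
}

# usable_methods PREFERRED : print, in the client's preference order, each
# preferred method that the server also offers. Empty output means the client
# has nothing left to try and the connection is refused without any prompt.
usable_methods() {
    preferred=$1
    offered=$(offered_methods)
    for m in $(printf '%s' "$preferred" | tr ',' ' '); do
        if printf '%s\n' "$offered" | grep -qx -- "$m"; then
            printf '%s\n' "$m"
        fi
    done
    return 0
}

# Real use ("host" is a placeholder; ssh writes debug lines to stderr):
#   ssh -v -o PreferredAuthentications=password host true 2>&1 | usable_methods password
sample_log | usable_methods publickey,keyboard-interactive,password
```

A keyboard-interactive exchange is driven by the server, which commonly uses it to ask for the account password, so a password prompt under that method does not mean the `password` method was used.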