On 04/15/2010 02:04 PM, Jeff Kittle wrote: > Has anyone experienced issues with openssh 5.2 and Putty, keep getting > strange behavior, IE: putty hangs, used > To work no problem with Fedora 9. Right now I have the iptables firewall > disabled just to eliminate it as > A problem. > > > > -----Original Message----- > From: users-bounces@xxxxxxxxxxxxxxxxxxxxxxx > [mailto:users-bounces@xxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of jack craig > Sent: Thursday, April 15, 2010 3:58 PM > To: users@xxxxxxxxxxxxxxxxxxxxxxx > Subject: Re: authentication problem > > On 04/15/2010 11:49 AM, Rick Sewill wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> On 04/15/2010 11:51 AM, jack craig wrote: >> >> >>> Hi Folks, >>> >>> I have an authentication issue with ssh that i'd like to ask for clues >>> on solving? >>> >>> i have created a local host key, id_rsa.pub. >>> >>> i have copied that to the remote host, .ssh/authorized_keys, >>> and checked the perms for both ~/.ssh& .ssh/authorized_keys. >>> >>> yet i get the below, ... >>> >>> >>> ssh -v -l jackc sby1.extraview.com >>> OpenSSH_5.2p1, OpenSSL 0.9.8k-fips 25 Mar 2009 >>> >>> >> ... >> >> >>> publickey,gssapi-with-mic,password<---- !!!!! >>> >>> >> ... >> >> >>> No credentials cache found >>> >>> >>> >> ... >> >> >>> No credentials cache found >>> >>> >>> >> ... >> >> >>> debug1: Next authentication method: publickey >>> debug1: Offering public key: /home/jackc/.ssh/id_rsa >>> debug1: Server accepts key: pkalg ssh-rsa blen 277 >>> Agent admitted failure to sign using the key. >>> debug1: Next authentication method: password >>> jackc@xxxxxxxxxxxxxxxxxx's password: >>> >>> my naive reading of the above looks like it fulfilled >>> one authentication method, but then goes on to ask for another, >>> in this case, a password. >>> >>> my wag is that there is an /etc/pam.d config that is wrong, >>> but this isn't my strong suite and i don't want to guess/mess around. >>> >>> also, this phrase, ... >>> >>> debug1: Unspecified GSS failure. Minor code may provide more information >>> No credentials cache found >>> >>> >>> >> I wouldn't worry about GSS failure. You haven't set it up. >> - From URL: >> >> > http://www.ssh.com/support/documentation/online/ssh/adminguide/53/userauth-g > ssapi.html > >> it explains the idea behind GSS. I tend to think of GSS as Kerberos. >> >> >> >>> where do i find the minor code its referring to? >>> >>> any ssh guru's out there to provide a clue? >>> >>> >>> >> Not sure. >> >> When it says, "Agent admitted failure to sign using the key.", >> is it referring to ssh-agent? >> >> There is a program, ssh-add, which talks to ssh-agent. >> I haven't used ssh-add or ssh-agent in a long time. >> >> Before I take us down this path which might be a wild good chase, >> I better ask are you using these? >> >> Whenever I have publickey authentication problems, >> it usually is file and directory permissions. >> You indicated you checked ~/.ssh and ~/.ssh/authorized_keys >> >> > both the client& server have the 700 for .ssh and 600 for all .ssh/* > > note also that i have the same access to different hosts in our domain. > my client is fc11, but the remote hosts are centos 4& 5. > > >> As a test, could you make certain your $HOME directories, >> on both the local and remote machine, are not writable by anyone, >> but owner? >> >> Could you make sure ~/.ssh on both machines is only read/write >> by owner? >> >> Could you make sure the files in ~/.ssh, such as authorized_keys, >> config, id_rsa, known_hosts, are only read/write by owner? >> >> For me, anything in ~/.ssh should only be read/write by owner. >> Call me paranoid but only owner should have access to these files. >> >> The one kicker, I'm asking you to do, is make sure both >> $HOME directories are, at most, readable, by others, and not writable. >> >> If you want someone to put files in your $HOME directory area, >> can you set up $HOME/droparea and give them read/write access >> to $HOME/droparea? >> >> > in this case i am just building a backup system for my client host to > back up to he server. > i have accts on both so i got jackc@client writing to jackc@server > > Thx for you time, suggestions beyond perms? > > >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.4.10 (GNU/Linux) >> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ >> >> iEYEARECAAYFAkvHX68ACgkQyc8Kn0p/AZSq7gCfemQ7xhl7GwPnlC1Hcrj+XlI0 >> dREAn16BFmZbHBeQ8ZvcX2Hp+iCVoBy3 >> =l5hs >> -----END PGP SIGNATURE----- >> >> > > if you have putty, its M$ <--->FC, true? if so, which hangs, M$ or FC ? -- Jack Craig Software Engineer 831.461.7100 x120 www.extraview.com -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines