Re: authentication problem

On 04/15/2010 02:04 PM, Jeff Kittle wrote:
> Has anyone experienced issues with openssh 5.2 and Putty, keep getting
> strange behavior, IE: putty hangs, used to work no problem with Fedora 9.
> Right now I have the iptables firewall disabled just to eliminate it as
> a problem.
>
>
>
> -----Original Message-----
> From: users-bounces@xxxxxxxxxxxxxxxxxxxxxxx
> [mailto:users-bounces@xxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of jack craig
> Sent: Thursday, April 15, 2010 3:58 PM
> To: users@xxxxxxxxxxxxxxxxxxxxxxx
> Subject: Re: authentication problem
>
> On 04/15/2010 11:49 AM, Rick Sewill wrote:
>    
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On 04/15/2010 11:51 AM, jack craig wrote:
>>
>>      
>>> Hi Folks,
>>>
>>> I have an authentication issue with ssh that i'd like to ask for clues
>>> on solving?
>>>
>>> i have created a local host key, id_rsa.pub.
>>>
>>> i have copied that to the remote host, .ssh/authorized_keys,
>>> and checked the perms for both ~/.ssh & .ssh/authorized_keys.
>>>
>>> yet i get the below, ...
>>>
>>>
>>> ssh -v -l jackc sby1.extraview.com
>>> OpenSSH_5.2p1, OpenSSL 0.9.8k-fips 25 Mar 2009
>>>
>>>        
>> ...
>>
>>      
>>> publickey,gssapi-with-mic,password<---- !!!!!
>>>
>>>        
>> ...
>>
>>      
>>> No credentials cache found
>>>
>>>
>>>        
>> ...
>>
>>      
>>> No credentials cache found
>>>
>>>
>>>        
>> ...
>>
>>      
>>> debug1: Next authentication method: publickey
>>> debug1: Offering public key: /home/jackc/.ssh/id_rsa
>>> debug1: Server accepts key: pkalg ssh-rsa blen 277
>>> Agent admitted failure to sign using the key.
>>> debug1: Next authentication method: password
>>> jackc@xxxxxxxxxxxxxxxxxx's password:
>>>
>>> my naive reading of the above looks like it fulfilled
>>> one authentication method, but then goes on to ask for another,
>>> in this case, a password.
>>>
>>> my wag is that there is an /etc/pam.d config that is wrong,
>>> but this isn't my strong suit and i don't want to guess/mess around.
>>>
>>> also, this phrase, ...
>>>
>>> debug1: Unspecified GSS failure.  Minor code may provide more information
>>> No credentials cache found
>>>
>>>
>>>        
>> I wouldn't worry about GSS failure.  You haven't set it up.
>> - From URL:
>> http://www.ssh.com/support/documentation/online/ssh/adminguide/53/userauth-gssapi.html
>> it explains the idea behind GSS.  I tend to think of GSS as Kerberos.
>>
>>
>>      
>>> where do i find the minor code it's referring to?
>>>
>>> any ssh gurus out there to provide a clue?
>>>
>>>
>>>        
>> Not sure.
>>
>> When it says, "Agent admitted failure to sign using the key.",
>> is it referring to ssh-agent?
>>
>> There is a program, ssh-add, which talks to ssh-agent.
>> I haven't used ssh-add or ssh-agent in a long time.
>>
>> Before I take us down this path which might be a wild goose chase,
>> I better ask are you using these?
>>
>> Whenever I have publickey authentication problems,
>> it usually is file and directory permissions.
>> You indicated you checked ~/.ssh and ~/.ssh/authorized_keys
>>
>>      
> both the client & server have the 700 for .ssh and 600 for all .ssh/*
>
> note also that i have the same access to different hosts in our domain.
> my client is fc11, but the remote hosts are centos 4 & 5.
>
>    
>> As a test, could you make certain your $HOME directories,
>> on both the local and remote machine, are not writable by anyone,
>> but owner?
>>
>> Could you make sure ~/.ssh on both machines is only read/write
>> by owner?
>>
>> Could you make sure the files in ~/.ssh, such as authorized_keys,
>> config, id_rsa, known_hosts, are only read/write by owner?
>>
>> For me, anything in ~/.ssh should only be read/write by owner.
>> Call me paranoid but only owner should have access to these files.
>>
>> The one kicker, I'm asking you to do, is make sure both
>> $HOME directories are, at most, readable, by others, and not writable.
>>
>> If you want someone to put files in your $HOME directory area,
>> can you set up $HOME/droparea and give them read/write access
>> to $HOME/droparea?
>>
>>      
> in this case i am just building a backup system for my client host to
> back up to the server.
> i have accts on both so i got jackc@client writing to jackc@server
>
> Thx for your time, suggestions beyond perms?
>
>    
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.10 (GNU/Linux)
>> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
>>
>> iEYEARECAAYFAkvHX68ACgkQyc8Kn0p/AZSq7gCfemQ7xhl7GwPnlC1Hcrj+XlI0
>> dREAn16BFmZbHBeQ8ZvcX2Hp+iCVoBy3
>> =l5hs
>> -----END PGP SIGNATURE-----
>>
>>      
>
>    
if you have putty, it's M$ <--->FC, true?

if so,  which hangs, M$ or FC ?


-- 
Jack Craig
Software Engineer
831.461.7100 x120
www.extraview.com

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
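
Added example (not part of the original thread): a shell function that runs the permission checks suggested in the quoted reply against a home directory, so the same audit can be repeated on client and server. It applies the thread's owner-only rule for ~/.ssh rather than sshd's own logic, assumes GNU stat (stat -c), and the function names has_bits and audit_ssh_perms are hypothetical.

```shell
#!/bin/sh
# Added example: audit the directory and file modes discussed in the thread.
# The rules follow the thread's advice, not sshd's exact StrictModes checks.

# has_bits PATH MASK -> succeeds if PATH's mode has any bit of octal MASK set
has_bits() {
    mode=$(stat -c '%a' "$1") || return 2   # GNU stat prints e.g. 755
    [ $(( 0$mode & 0$2 )) -ne 0 ]
}

# audit_ssh_perms HOME_DIR -> prints one line per finding, returns 1 if any
audit_ssh_perms() {
    home=$1
    bad=0
    # $HOME: at most readable by others, never writable by group/other
    if has_bits "$home" 022; then
        echo "FAIL $home is group/other writable (chmod go-w)"
        bad=1
    fi
    if [ ! -d "$home/.ssh" ]; then
        echo "FAIL $home/.ssh is missing"
        return 1
    fi
    # ~/.ssh itself: no access at all for group/other (700)
    if has_bits "$home/.ssh" 077; then
        echo "FAIL $home/.ssh is accessible to group/other (chmod 700)"
        bad=1
    fi
    # authorized_keys, config, id_rsa, known_hosts, ...: owner only (600)
    for f in "$home"/.ssh/*; do
        [ -f "$f" ] || continue
        if has_bits "$f" 077; then
            echo "FAIL $f is accessible to group/other (chmod 600)"
            bad=1
        fi
    done
    [ "$bad" -eq 0 ] && echo "OK $home"
    return "$bad"
}
```

Source the file and run audit_ssh_perms "$HOME" as the login user on each machine; a non-zero return means at least one FAIL line was printed.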
