On 04/15/2010 11:49 AM, Rick Sewill wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 04/15/2010 11:51 AM, jack craig wrote: > >> Hi Folks, >> >> I have an authentication issue with ssh that i'd like to ask for clues >> on solving? >> >> i have created a local host key, id_rsa.pub. >> >> i have copied that to the remote host, .ssh/authorized_keys, >> and checked the perms for both ~/.ssh& .ssh/authorized_keys. >> >> yet i get the below, ... >> >> >> ssh -v -l jackc sby1.extraview.com >> OpenSSH_5.2p1, OpenSSL 0.9.8k-fips 25 Mar 2009 >> > ... > >> publickey,gssapi-with-mic,password<---- !!!!! >> > ... > >> No credentials cache found >> >> > ... > >> No credentials cache found >> >> > ... > >> debug1: Next authentication method: publickey >> debug1: Offering public key: /home/jackc/.ssh/id_rsa >> debug1: Server accepts key: pkalg ssh-rsa blen 277 >> Agent admitted failure to sign using the key. >> debug1: Next authentication method: password >> jackc@xxxxxxxxxxxxxxxxxx's password: >> >> my naive reading of the above looks like it fulfilled >> one authentication method, but then goes on to ask for another, >> in this case, a password. >> >> my wag is that there is an /etc/pam.d config that is wrong, >> but this isn't my strong suite and i don't want to guess/mess around. >> >> also, this phrase, ... >> >> debug1: Unspecified GSS failure. Minor code may provide more information >> No credentials cache found >> >> > I wouldn't worry about GSS failure. You haven't set it up. > - From URL: > http://www.ssh.com/support/documentation/online/ssh/adminguide/53/userauth-gssapi.html > it explains the idea behind GSS. I tend to think of GSS as Kerberos. > > >> where do i find the minor code its referring to? >> >> any ssh guru's out there to provide a clue? >> >> > Not sure. > > When it says, "Agent admitted failure to sign using the key.", > is it referring to ssh-agent? > > There is a program, ssh-add, which talks to ssh-agent. > I haven't used ssh-add or ssh-agent in a long time. > > Before I take us down this path which might be a wild good chase, > I better ask are you using these? > > Whenever I have publickey authentication problems, > it usually is file and directory permissions. > You indicated you checked ~/.ssh and ~/.ssh/authorized_keys > > As a test, could you make certain your $HOME directories, > on both the local and remote machine, are not writable by anyone, > but owner? > > Could you make sure ~/.ssh on both machines is only read/write > by owner? > > Could you make sure the files in ~/.ssh, such as authorized_keys, > config, id_rsa, known_hosts, are only read/write by owner? > > For me, anything in ~/.ssh should only be read/write by owner. > Call me paranoid but only owner should have access to these files. > > The one kicker, I'm asking you to do, is make sure both > $HOME directories are, at most, readable, by others, and not writable. > > If you want someone to put files in your $HOME directory area, > can you set up $HOME/droparea and give them read/write access > to $HOME/droparea? > the plot thickens, i switch to the dsa (from rsa key) and my sessions now work fine. But!!! when i put the sme command line in a cron job, i am back to passwd prompting!!! i guess my only choice is a deep dive into ssh protocols? tia, jackc... -- Jack Craig Software Engineer 831.461.7100 x120 www.extraview.com -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
