I kept digging deeper on this problem and this am found the solution (or at least one solution, there may be others). it amounted to moving the keys in my .ssh to *.bak names, logging out, logging back in, logging into the remote server, exiting, moving the keys back to their proper names and loging into remote again, this time with no pwd reqd!!! gotta love google and james wagner (jimmyg.org). But dont bother trying to email him, his email screening is broke. fyi, jackc... On 04/15/2010 11:49 AM, Rick Sewill wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 04/15/2010 11:51 AM, jack craig wrote: > >> Hi Folks, >> >> I have an authentication issue with ssh that i'd like to ask for clues >> on solving? >> >> i have created a local host key, id_rsa.pub. >> >> i have copied that to the remote host, .ssh/authorized_keys, >> and checked the perms for both ~/.ssh& .ssh/authorized_keys. >> >> yet i get the below, ... >> >> >> ssh -v -l jackc sby1.extraview.com >> OpenSSH_5.2p1, OpenSSL 0.9.8k-fips 25 Mar 2009 >> > ... > >> publickey,gssapi-with-mic,password<---- !!!!! >> > ... > >> No credentials cache found >> >> > ... > >> No credentials cache found >> >> > ... > >> debug1: Next authentication method: publickey >> debug1: Offering public key: /home/jackc/.ssh/id_rsa >> debug1: Server accepts key: pkalg ssh-rsa blen 277 >> Agent admitted failure to sign using the key. >> debug1: Next authentication method: password >> jackc@xxxxxxxxxxxxxxxxxx's password: >> >> my naive reading of the above looks like it fulfilled >> one authentication method, but then goes on to ask for another, >> in this case, a password. >> >> my wag is that there is an /etc/pam.d config that is wrong, >> but this isn't my strong suite and i don't want to guess/mess around. >> >> also, this phrase, ... >> >> debug1: Unspecified GSS failure. Minor code may provide more information >> No credentials cache found >> >> > I wouldn't worry about GSS failure. You haven't set it up. > - From URL: > http://www.ssh.com/support/documentation/online/ssh/adminguide/53/userauth-gssapi.html > it explains the idea behind GSS. I tend to think of GSS as Kerberos. > > >> where do i find the minor code its referring to? >> >> any ssh guru's out there to provide a clue? >> >> > Not sure. > > When it says, "Agent admitted failure to sign using the key.", > is it referring to ssh-agent? > > There is a program, ssh-add, which talks to ssh-agent. > I haven't used ssh-add or ssh-agent in a long time. > > Before I take us down this path which might be a wild good chase, > I better ask are you using these? > > Whenever I have publickey authentication problems, > it usually is file and directory permissions. > You indicated you checked ~/.ssh and ~/.ssh/authorized_keys > > As a test, could you make certain your $HOME directories, > on both the local and remote machine, are not writable by anyone, > but owner? > > Could you make sure ~/.ssh on both machines is only read/write > by owner? > > Could you make sure the files in ~/.ssh, such as authorized_keys, > config, id_rsa, known_hosts, are only read/write by owner? > > For me, anything in ~/.ssh should only be read/write by owner. > Call me paranoid but only owner should have access to these files. > > The one kicker, I'm asking you to do, is make sure both > $HOME directories are, at most, readable, by others, and not writable. > > If you want someone to put files in your $HOME directory area, > can you set up $HOME/droparea and give them read/write access > to $HOME/droparea? > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.10 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ > > iEYEARECAAYFAkvHX68ACgkQyc8Kn0p/AZSq7gCfemQ7xhl7GwPnlC1Hcrj+XlI0 > dREAn16BFmZbHBeQ8ZvcX2Hp+iCVoBy3 > =l5hs > -----END PGP SIGNATURE----- > -- Jack Craig Software Engineer 831.461.7100 x120 www.extraview.com -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
