Jeff Abrahamson on 22 May 2004 20:35:03 -0000
On Fri, May 21, 2004 at 03:58:11PM -0400, Dan Widyono wrote:
>
> > ssh -i id_rsa.foo machinename
>
> ssh-agent, when loaded with all your keys, will take care of this for you.

It turned out that the problem was only on one machine (the first I was trying, though). On closer inspection, that machine was running a version 1 protocol rather than version 2. The owner of the machine tells me he's patched it. Mystery solved, at least.

I now have ssh keys mostly working for most hosts. Two mysteries remain.

1. Despite listing all my keys in ~/.ssh/ssh_config, ssh-add doesn't prompt me for all of them. So I have to specify each one I want to add. Is this normal?

2. One machine (running OpenSSH) doesn't like me by public key, but is ok with password login if my ssh-agent is unknown.

Here are the relevant log entries. The names asterix and diderot are not known to the world, but are known inside my private network, as you might imagine by the 192.168 addresses. But I'm inside my network. Can anyone help me understand the errors I'm seeing in my log files or why the certificate login is failing?

First I try to log in to diderot from asterix, without success. (This failure happens even if I move my diderot .ssh/authorized_keys to a backup location.) This is from auth.log:

May 22 15:51:04 diderot sshd[18226]: warning: /etc/hosts.allow, line 14: can't verify hostname: gethostbyname(asterix.purple.com.0.168.192.in-addr.arpa) failed
May 22 15:51:04 diderot ssh(pam_unix)[18226]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=asterix.purple.com.0.168.192.in-addr.arpa user=jeff
May 22 15:51:06 diderot sshd[18227]: Failed publickey for jeff from 192.168.0.6 port 60599 ssh2

Now I try again, but having cleared SSH_AUTH_SOCK and SSH_AGENT_PID. It works, auth.log says this:

May 22 15:51:22 diderot sshd[18230]: warning: /etc/hosts.allow, line 14: can't verify hostname: gethostbyname(asterix.purple.com.0.168.192.in-addr.arpa) failed
May 22 15:51:23 diderot ssh(pam_unix)[18230]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=asterix.purple.com.0.168.192.in-addr.arpa user=jeff
May 22 15:51:25 diderot sshd[18231]: Failed keyboard-interactive for jeff from 192.168.0.6 port 60600 ssh2
May 22 15:51:27 diderot sshd[18230]: Accepted password for jeff from 192.168.0.6 port 60600 ssh2
May 22 15:51:27 diderot ssh(pam_unix)[18232]: session opened for user jeff by (uid=1000)
May 22 15:51:27 diderot pam_limits[18232]: setrlimit limit #6 to soft=-1, hard=-1 failed: Operation not permitted; uid=1000 euid=1000
May 22 15:51:27 diderot pam_limits[18232]: setrlimit limit #7 to soft=-1, hard=-1 failed: Operation not permitted; uid=1000 euid=1000

I'm not clear why I'm seeing several of the above errors, but asterix is resolving correctly:

diderot:/var/log# dig asterix.purple.com

; <<>> DiG 9.2.2 <<>> asterix.purple.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22142
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;asterix.purple.com.            IN      A

;; ANSWER SECTION:
asterix.purple.com.     259200  IN      A       192.168.0.6

;; AUTHORITY SECTION:
purple.com.             259200  IN      NS      diderot.purple.com.

;; ADDITIONAL SECTION:
diderot.purple.com.     259200  IN      A       192.168.0.5

;; Query time: 7 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat May 22 15:51:41 2004
;; MSG SIZE  rcvd: 90

diderot:/var/log#

Line 14 of hosts.allow, the only non-comment line, says

ALL: .purple.com

(/etc/hosts.deny says ALL: deny.)

-- 
Jeff

Jeff Abrahamson <http://www.purple.com/jeff/>
GPG fingerprint: 1A1A BA95 D082 A558 A276 63C6 16BF 8C4C 0D1D AE4B

A cool book of games, highly worth checking out:
http://www.amazon.com/exec/obidos/ASIN/1931686963/purple-20

Attachment: signature.asc
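Added example, not part of Jeff's message and not code from BIND, OpenSSH or tcp_wrappers. The name in the sshd warning, asterix.purple.com.0.168.192.in-addr.arpa, is the forward name with the reverse zone's origin appended, which is what BIND produces when a PTR target in a zone file is written without a trailing dot. The block below models that qualification rule on a constructed reverse zone, then the check libwrap makes before a hosts.allow pattern such as ALL: .purple.com can match: look up the PTR for the client address, call gethostbyname on the returned name, and require the client address to be among the results. The zone text, the forward A table, and all function names are assumptions made for this example; nothing here touches the separate publickey failure, which in both log excerpts happens after the wrappers check has already let the connection through.

```python
# Added example: forward-confirmed reverse DNS as tcp_wrappers checks it, fed by
# a reverse zone with and without the trailing dot on the PTR target.
# Zone text, forward table and function names are constructed for illustration.

REVERSE_ORIGIN = "0.168.192.in-addr.arpa."

# Constructed forward zone: absolute name -> A records.
FORWARD_A = {
    "asterix.purple.com.": ["192.168.0.6"],
    "diderot.purple.com.": ["192.168.0.5"],
}

# Constructed reverse zone fragments. Only the trailing dot differs.
REVERSE_ZONE_BROKEN = """
$ORIGIN 0.168.192.in-addr.arpa.
5   IN PTR diderot.purple.com   ; no trailing dot: BIND treats it as relative
6   IN PTR asterix.purple.com   ; no trailing dot: $ORIGIN gets appended
"""

REVERSE_ZONE_FIXED = """
$ORIGIN 0.168.192.in-addr.arpa.
5   IN PTR diderot.purple.com.
6   IN PTR asterix.purple.com.
"""


def qualify(name, origin):
    """BIND rule: a name without a trailing dot has the current $ORIGIN appended."""
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_ptr_zone(text):
    """Minimal parser for '$ORIGIN' and 'owner IN PTR target' lines.

    Returns {absolute owner: absolute target}. Comments after ';' are dropped.
    """
    origin = "."
    records = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if fields[0] == "$ORIGIN":
            origin = fields[1]
            continue
        owner, rtype, target = fields[0], fields[2], fields[3]
        if rtype == "PTR":
            records[qualify(owner, origin)] = qualify(target, origin)
    return records


def reverse_name(ip):
    """192.168.0.6 -> 6.0.168.192.in-addr.arpa."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


def verify_client(ip, ptr_records, forward_a=FORWARD_A):
    """Forward-confirmed reverse lookup in the style of libwrap.

    Returns (hostname, verified). hostname is the raw PTR target without its
    trailing dot, i.e. the string that shows up in 'rhost=' and in the
    gethostbyname(...) warning; verified is False when the A lookup of that
    name fails or does not contain ip, which is the "can't verify hostname"
    case in the auth.log lines above.
    """
    target = ptr_records.get(reverse_name(ip))
    if target is None:
        return None, False
    hostname = target.rstrip(".")
    return hostname, ip in forward_a.get(target, [])


def hosts_allow_matches(pattern, hostname, verified):
    """tcp_wrappers client pattern: a leading '.' matches a verified hostname
    ending in the pattern; a name that failed verification never matches,
    so 'ALL: .purple.com' cannot admit the client by name."""
    if not verified or hostname is None:
        return False
    if pattern.startswith("."):
        return hostname.endswith(pattern)
    return hostname == pattern


if __name__ == "__main__":
    for label, zone in (("broken", REVERSE_ZONE_BROKEN), ("fixed", REVERSE_ZONE_FIXED)):
        host, ok = verify_client("192.168.0.6", parse_ptr_zone(zone))
        allowed = hosts_allow_matches(".purple.com", host, ok)
        print(f"{label}: rhost={host} verified={ok} matches .purple.com={allowed}")
```

Run on the broken zone the PTR for 6.0.168.192.in-addr.arpa. comes back as asterix.purple.com.0.168.192.in-addr.arpa., the forward lookup of that name has no A record, and the .purple.com pattern cannot match; with the trailing dot restored the same client verifies as asterix.purple.com and matches. On a real resolver the equivalent check is dig -x 192.168.0.6 followed by dig on whatever name the PTR returns.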