Jeff Abrahamson on 28 May 2004 11:36:03 -0000



Re: [PLUG] ssh_config


On Thu, May 27, 2004 at 04:40:14PM -0400, Paul L. Snyder wrote:
> 
> Quoting Jeff Abrahamson <jeff@purple.com>:
> 
> > I attempt to connect to a host and am told too many attempts.  Running
> > ssh -v confirms that ssh is trying the correct key only after trying
> > many keys it should not have tried.
> [...]
> > The question is why ssh isn't first using the keys I've requested it
> > use.
> 
> A close reading of the manpage for ssh_config(5), under IdentityFile, reveals
> that it "[s]pecifies a file from which the user's RSA or DSA authentication
> identity is read...Additionally, any identities represented by the
> authentication agent will be used for authentication."

Good catch, thanks!


> And also check IdentitiesOnly, which "[s]pecifies that ssh should only use the
> authentication identity files configured in the ssh_config files, even if the
> ssh-agent offers more identities...This option is intented [sic] for situations
> where ssh-agent offers many different identities."

Hmm, my version of ssh doesn't understand this option.

    jeff@asterix:jeff $ ssh -v diderot
    OpenSSH_3.6.1p2 Debian 1:3.6.1p2-12, SSH protocols 1.5/2.0, OpenSSL 0x0090703f
    debug1: Reading configuration data /home/jeff/.ssh/config
    /home/jeff/.ssh/config: line 19: Bad configuration option: IdentitiesOnly
    /home/jeff/.ssh/config: line 24: Bad configuration option: IdentitiesOnly
    debug1: Applying options for diderot
    /home/jeff/.ssh/config: line 28: Bad configuration option: IdentitiesOnly
    /home/jeff/.ssh/config: line 33: Bad configuration option: IdentitiesOnly
    debug1: Applying options for *
    /home/jeff/.ssh/config: terminating, 4 bad configuration options
    jeff@asterix:jeff $ ssh -V
    OpenSSH_3.6.1p2 Debian 1:3.6.1p2-12, SSH protocols 1.5/2.0, OpenSSL 0x0090703f
    jeff@asterix:jeff $


> It looks like ssh-agent is pretty indiscriminate about the identities that it
> offers.  I'd try playing around with IdentitiesOnly for your *.sf.net Host
> section.  (Though I can't tell from reading the manpage if this will make you
> reenter your passphrase, which would be undesirable.)
> 
> > Note that I begin by starting a new ssh-agent and add keys to it.
> > (ssh-mult is just an alias to ssh-add key1 key2 ....)
> 
> As an alternate path, since you've probably only added one key (RSA or DSA) to
> the authorized_keys on each host, you might try adding only the key you are
> using to ssh-agent.

That's a good idea.  Up until yesterday, I was unthinkingly adding
both DSA and RSA keys to the agent.  That at least seems to bring the
number of keys known by the agent down to a manageable level (five).
Thanks!

-- 
 Jeff

 Jeff Abrahamson  <http://www.purple.com/jeff/>
 GPG fingerprint: 1A1A BA95 D082 A558 A276  63C6 16BF 8C4C 0D1D AE4B

 A cool book of games, highly worth checking out:
 http://www.amazon.com/exec/obidos/ASIN/1931686963/purple-20

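Added example (not part of the thread above, and not Jeff's or Paul's code): a small linter that models how ssh(1) resolves ssh_config options, so you can see for a given host which IdentityFile lines apply and whether IdentitiesOnly is in force. It reads a constructed sample config, not Jeff's real file. The resolution rules it implements are the documented ones: Host blocks are matched with shell-style patterns (a leading "!" negates), for each keyword the first value obtained wins, and IdentityFile accumulates across matching blocks. Without IdentitiesOnly, the keys it reports are only a subset of what the server sees, because every identity held by ssh-agent is offered too, and sshd counts each rejected public key as a failed attempt, which is what produces the "too many authentication failures" disconnect. One caveat for the version in the log: IdentitiesOnly was added in OpenSSH 3.9, after the 3.6.1p2 shown, so on that release the workable fix is Paul's second suggestion of loading only the needed keys into the agent.

```python
import fnmatch
import re

# Constructed sample ~/.ssh/config; the thread does not show Jeff's actual file.
SAMPLE_CONFIG = """\
# global defaults come first and apply to every host
ServerAliveInterval 30

Host diderot
    HostName diderot.example.org
    User jeff
    IdentityFile ~/.ssh/id_diderot

Host *.sf.net
    User jeff
    IdentityFile ~/.ssh/id_sf
    IdentitiesOnly yes

Host *
    ForwardAgent no
"""

# 'Keyword value' or 'Keyword=value'; keywords are case-insensitive in ssh_config.
_LINE = re.compile(r"^(\S+?)(?:\s+|\s*=\s*)(.*)$")

FINDINGS = {
    "no-identityfile": "no IdentityFile for this host, so only the default key "
                       "names plus every agent-held key are offered",
    "identitiesonly-off": "IdentitiesOnly is not 'yes', so every identity in "
                          "ssh-agent is offered too and may exhaust the server's "
                          "attempt limit before the right key is reached",
}


def parse_blocks(text):
    """Split ssh_config text into (host_patterns, [(keyword, value), ...]) in
    file order. Lines before the first Host keyword are global, which is the
    same as belonging to a 'Host *' block."""
    blocks = []
    patterns, options = ["*"], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _LINE.match(line)
        key, value = (m.group(1).lower(), m.group(2).strip()) if m else (line.lower(), "")
        if key == "host":
            blocks.append((patterns, options))
            patterns, options = value.split(), []
        else:
            options.append((key, value))
    blocks.append((patterns, options))
    return blocks


def block_applies(patterns, host):
    """ssh(1) Host matching: a block applies if any pattern matches the host
    and no '!'-negated pattern does."""
    matched = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(host, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(host, pat):
            matched = True
    return matched


def effective_options(text, host):
    """Resolve options for host the way ssh(1) does: the first value obtained
    for a keyword wins, so specific Host blocks must precede 'Host *'.
    IdentityFile is the exception and accumulates across matching blocks."""
    resolved, identity_files = {}, []
    for patterns, options in parse_blocks(text):
        if not block_applies(patterns, host):
            continue
        for key, value in options:
            if key == "identityfile":
                identity_files.append(value)
            else:
                resolved.setdefault(key, value)
    resolved["identityfile"] = identity_files
    return resolved


def lint_host(text, host):
    """Return finding codes (keys of FINDINGS) for host; an empty list means
    ssh will offer exactly the configured IdentityFile keys and nothing else."""
    opts = effective_options(text, host)
    codes = []
    if not opts["identityfile"]:
        codes.append("no-identityfile")
    if opts.get("identitiesonly", "no").lower() != "yes":
        codes.append("identitiesonly-off")
    return codes


if __name__ == "__main__":
    for host in ("diderot", "jeff.sf.net", "unlisted.example.net"):
        opts = effective_options(SAMPLE_CONFIG, host)
        print(f"{host}: IdentityFile={opts['identityfile']}")
        for code in lint_host(SAMPLE_CONFIG, host):
            print(f"  - {FINDINGS[code]}")
```

Run against the sample, the "diderot" block is flagged because it names a key but not IdentitiesOnly, the "*.sf.net" block passes, and an unlisted host gets both findings. For a one-off connection on a version that supports the option, the same effect can be had on the command line with "ssh -o IdentitiesOnly=yes -i ~/.ssh/key host", and "ssh-add -l" shows what the agent is currently willing to offer.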