Re: Configuring ssh on Red Hat Linux 7.3

From: Jean-David Beyer (jdbeyer@exit109.com)
Date: 05/15/02


From: Jean-David Beyer <jdbeyer@exit109.com>
Date: Wed, 15 May 2002 07:55:10 -0400

Nico Kadel-Garcia wrote:
>
> "Jean-David Beyer" <jdbeyer@exit109.com> wrote in message
> news:3CE07E01.302E5E25@exit109.com...
> > Nico Kadel-Garcia wrote:
> > >
> > > "Jean-David Beyer" <jdbeyer@exit109.com> wrote in message
> > > news:3CDFC60A.FC219DA9@exit109.com...
> > > > I have two machines running dialects of Red Hat Linux. My new machine
> > > > is named "valinux" and the old one is named "touchl". They are
> > > > connected by two NICs.
> > > >
> > > > The valinux machine runs a version of Red Hat Linux from VA Linux
> > > > Systems that they call 6.2.4.
> > > >
> > > > I just installed R.H.L. 7.3 on the touchl machine (that used to run
> > > > R.H.L. 6.0) and it basically works, but there are a bunch of problems.
> > > >
> > > > Each machine can ping the other, so the lower levels of connectivity
> > > > are there. I can look up the IP address of each machine from the other
> > > > using dig (but not nslookup).
> > > >
> > > > I can run the following command on touchl:
> > > >
> > > > valinux:jdbeyer[~]$ ssh -4 -X touchl
> > > > jdbeyer@touchl's password: [the password]
> > > > Last login: Mon May 13 08:28:20 2002 from touchl.localdomain
> > > > [jdbeyer@touchl jdbeyer]$
> > > >
> > > > so it works in one direction. When I try from the touchl machine,
> > > > though, I get:
> > > >
> > > > touchl:jdbeyer[~]$ ssh -4 -X valinux
> > > > jdbeyer@valinux's password: [the password]
> > > > Permission denied: please try again.
> > > >
> > > > I did type the correct password.
> > > >
> > > > /var/log/messages contains this as a result of the attempt:
> > > >
> > > > May 13 09:46:53 valinux sshd[22746]:
> > > > Failed password for jdbeyer from 192.168.1.201 port 1034
> > > > May 13 09:46:55 valinux sshd[22746]:
> > > > Connection closed by 192.168.1.201
> > > >
> > > > On valinux, file /usr/local/etc/ssh_config contains (other than
> > > > comments):
> > > >
> > > > # Be paranoid by default
> > > > Host *
> > > > ForwardAgent no
> > > > ForwardX11 no
> > > > FallBackToRsh no
> > > >
> > > > On touchl, file /etc/ssh/ssh_config contains (other than comments):
> > > >
> > > > Host *
> > > > ForwardX11 yes
> > >
> > > /etc/ssh/sshd_config ...
> >
> > Thanks. But on which machine? The new one, or the old one?
> > Do I do it as myself or as root?
>
> Only root can edit that file. The machine with the *SERVER* failing to allow
> access is probably the problem.

I did not discover the problem, but I found a solution:

I made all new keys on both my machines for both myself and for the
system (i.e., those in ~/.ssh and /etc/ssh) and distributed them to
all my users (i.e., myself and the system on both machines). That
fixed it, but it is not symmetric.

When valinux calls touchl, it asks for jdbeyer's password, but when
touchl calls valinux, it asks for valinux's passphrase. Perhaps
there is a passphrase on the valinux system keys. If so, I suppose I
could just take them off.

-- 
 .~.  Jean-David Beyer           Registered Linux User 85642.
 /V\                             Registered Machine    73926.
/( )\ Shrewsbury, New Jersey     http://counter.li.org 
^^-^^ 7:50am up 5 days, 8:53, 3 users, load average: 2.08, 2.05, 2.15
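
Added example, not part of the original post: one way to tell which private key files (such as those under ~/.ssh and /etc/ssh mentioned above) carry a passphrase, by reading the file header instead of attempting a login. The function names and the sample key texts are constructed for illustration; it recognises PEM and OpenSSH-format keys and reports anything else, including the old protocol 1 `identity` format, as unknown.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\0"  # header of the current OpenSSH private key format

def read_string(buf, off):
    """Read one SSH wire string: uint32 big-endian length, then that many bytes."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:off + 4 + n]

def key_protection(text):
    """Classify private key text as 'encrypted', 'plaintext' or 'unknown'."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        return "unknown"
    label = lines[0][len("-----BEGIN "):].rstrip("-").strip()
    if label == "ENCRYPTED PRIVATE KEY":  # PKCS#8 encrypted container
        return "encrypted"
    if label == "OPENSSH PRIVATE KEY":
        try:
            blob = base64.b64decode("".join(lines[1:-1]))
            if not blob.startswith(MAGIC):
                return "unknown"
            cipher = read_string(blob, len(MAGIC))  # first field: cipher name
        except (ValueError, struct.error):
            return "unknown"
        return "plaintext" if cipher == b"none" else "encrypted"
    if label.endswith("PRIVATE KEY"):  # legacy PEM (RSA/DSA/EC)
        # Encryption headers, when present, sit right after the BEGIN line.
        enc = any(h.startswith("Proc-Type: 4,ENCRYPTED") for h in lines[1:4])
        return "encrypted" if enc else "plaintext"
    return "unknown"

# Constructed samples: headers only, no real key material.
def ssh_string(b):
    return struct.pack(">I", len(b)) + b

def wrap_pem(label, body):
    return "\n".join([f"-----BEGIN {label}-----", *body, f"-----END {label}-----"])

def openssh_sample(cipher, kdf):
    blob = MAGIC + ssh_string(cipher) + ssh_string(kdf) + ssh_string(b"")
    return wrap_pem("OPENSSH PRIVATE KEY", [base64.b64encode(blob).decode()])

PEM_ENC = wrap_pem("RSA PRIVATE KEY", ["Proc-Type: 4,ENCRYPTED", "DEK-Info: DES-EDE3-CBC,00", "", "AAAA"])
PEM_PLAIN = wrap_pem("RSA PRIVATE KEY", ["AAAA"])
NEW_ENC = openssh_sample(b"aes256-ctr", b"bcrypt")
NEW_PLAIN = openssh_sample(b"none", b"none")
```

A key reported as encrypted is one the ssh client will ask a passphrase for before it can offer that key to the server.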