Re: key auth ok one way, not the other



On Mon, 27 Mar 2006 21:34:11 +0200, Stein Arne Storslett wrote:

> William B. Cattell wrote:
>> On Mon, 27 Mar 2006 09:31:20 +0000, Darren Tucker wrote:
>>
>>> On 2006-03-27, William B. Cattell <wbcattell1.nospam@xxxxxxxxx> wrote:
>>>> I'm trying to get public key authentication working between two linux
>>>> machines - 2.6.8 kernel -- 2.4.22 kernel [and it works one way and
>>>> not the other].
>>> Compare the file permissions of $HOME/.ssh/authorized_keys, $HOME/.ssh
>>> and $HOME between the two systems. See http://openssh.com/faq.html#3.14 .
>>
>> Thanks - I've made some headway after modifying permissions. I'm still
>> being asked for the passphrase when ssh'ing to the 2.6.8 system. I'm
>> thinking that if I load the agent on the 2.4.22 machine that should be
>> resolved. The gotcha is that I can load the agent but trying to add a key
>> (or even look at the loaded keys) I get a "cannot communicate with agent".
>>
>> I'm trying a couple different things related to that. Thanks for the
>> suggestion.
>
> What does /var/log/messages say on the server machine? It usually can
> tell you what is wrong. Remember that your home directory needs to be
> writable only by you (not writable by the group).

Thanks to Darren (and the FAQ) the permissions are fixed.
/var/log/messages doesn't tell me anything other than it's accepted my
public key. I've verified the public keys are correctly inserted in
authorized_keys and the corresponding private key has (r) permissions for
the owner only.

If I su to root I can do an ssh-add and get the (root's) private key into
the agent (ssh-add -l shows the fingerprint). I'm wondering if ssh-add
needs to be suid (a bad idea, I know).

Any thoughts / ideas?

TIA,

Bill
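
Added example, not part of the original thread: a POSIX shell sketch of the permission comparison suggested in the quoted replies, checking $HOME, $HOME/.ssh and $HOME/.ssh/authorized_keys for group/other write bits and ownership. The function names check_path and audit_home are hypothetical, and the ownership test only covers the invoking user (sshd also accepts root-owned paths).

```shell
#!/bin/sh
# check_path PATH: report why a strict permission check would distrust PATH.
# Returns 0 if PATH exists, is owned by the invoking user, and is not
# writable by group or other; returns 1 otherwise.
check_path() {
    cp_path=$1
    cp_rc=0
    if [ ! -e "$cp_path" ]; then
        echo "MISSING  $cp_path"
        return 1
    fi
    # The first 10 characters of `ls -ld` are the type and permission bits,
    # e.g. drwxr-xr-x; position 6 is group-write, position 9 is other-write.
    cp_mode=$(ls -ld -- "$cp_path" | cut -c1-10)
    case $cp_mode in
        ?????w*) echo "GROUP-W  $cp_mode $cp_path"; cp_rc=1 ;;
    esac
    case $cp_mode in
        ????????w*) echo "OTHER-W  $cp_mode $cp_path"; cp_rc=1 ;;
    esac
    # Assumption: only the caller's ownership is tested, not root's.
    if [ ! -O "$cp_path" ]; then
        echo "OWNER    $cp_mode $cp_path"
        cp_rc=1
    fi
    return $cp_rc
}

# audit_home DIR: check DIR, DIR/.ssh and DIR/.ssh/authorized_keys.
audit_home() {
    ah_rc=0
    for ah_p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        check_path "$ah_p" || ah_rc=1
    done
    [ "$ah_rc" -eq 0 ] && echo "OK       $1"
    return $ah_rc
}

# Run only when a directory is given, e.g.: sh audit.sh "$HOME"
if [ $# -gt 0 ]; then
    audit_home "$1"
fi
```

Run it on both machines and compare the output; any GROUP-W, OTHER-W or OWNER line marks a path to fix.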

