Re: key auth ok one way, not the other



On Tue, 28 Mar 2006 11:08:39 +0000, William B. Cattell wrote:

On Mon, 27 Mar 2006 21:34:11 +0200, Stein Arne Storslett wrote:

William B. Cattell wrote:
On Mon, 27 Mar 2006 09:31:20 +0000, Darren Tucker wrote:

On 2006-03-27, William B. Cattell <wbcattell1.nospam@xxxxxxxxx> wrote:
I'm trying to get public key authentication working between two linux
machines - 2.6.8 kernel -- 2.4.22 kernel [and it works one way and
not the other].

Compare the file permissions of $HOME/.ssh/authorized_keys, $HOME/.ssh
and $HOME between the two systems. See http://openssh.com/faq.html#3.14 .

Thanks - I've made some headway after modifying permissions. I'm still
being asked for the passphrase when ssh'ing to the 2.6.8 system. I'm
thinking that if I load the agent on the 2.4.22 machine that should be
resolved. The gotcha is that I can load the agent but trying to add a key
(or even look at the loaded keys) I get a "cannot communicate with agent".

I'm trying a couple different things related to that. Thanks for the
suggestion.

What does /var/log/messages say on the server machine? It usually can
tell you what is wrong. Remember that your home directory needs to be
writable only by you (not writable by the group).

Thanks to Darren (and the FAQ) the permissions are fixed.
/var/log/messages doesn't tell me anything other than it's accepted my
public key. I've verified the public keys are correctly inserted in
authorized_keys and the corresponding private key has (r) permissions for
the owner only.

If I su to root I can do an ssh-add and get the (root's) private key into
the agent (ssh-add -l shows the fingerprint). I'm wondering if ssh-add
needs to be suid (a bad idea, I know).

Any thoughts / ideas?

TIA,

Bill


An update - I ran the agent as a user and was able to insert keys into it.
Would each user have to run the agent or should I be able to run it at
startup (via rc.local script) and let multiple users access it?

TIA,

Bill
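
The permission comparison suggested earlier in this thread ($HOME, $HOME/.ssh and authorized_keys must not be writable by group or others), as an added example that is not part of the original posts. The function names are hypothetical; the rule encoded (owner is the user or root, no group/other write bit) is the one sshd applies when StrictModes is enabled.

```shell
#!/bin/sh
# Added example (not from the thread). Reports paths that fail the
# StrictModes-style rule: owned by the user or root, and not
# group-writable or world-writable.
# Usage: check_ssh_perms "$HOME" || echo "fix with: chmod go-w <path>"

# bad_perm PATH UID -> prints a finding and returns 1 if PATH fails the rule.
bad_perm() {
    path=$1
    uid=$2
    [ -e "$path" ] || return 0   # missing path: nothing to check here
    # find prints the path only if one of the unsafe conditions matches:
    # group write bit, other write bit, or an owner that is neither UID nor root.
    hit=$(find "$path" -prune \( -perm -020 -o -perm -002 \
          -o \( ! -user "$uid" ! -user 0 \) \) -print)
    if [ -n "$hit" ]; then
        printf 'UNSAFE: %s\n' "$(ls -ld "$path")"
        return 1
    fi
    return 0
}

# check_ssh_perms HOME_DIR [UID] -> exit status is the number of unsafe
# paths among HOME_DIR, HOME_DIR/.ssh and HOME_DIR/.ssh/authorized_keys.
check_ssh_perms() {
    home=$1
    uid=${2:-$(id -u)}
    failures=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        bad_perm "$p" "$uid" || failures=$((failures + 1))
    done
    return "$failures"
}
```

Run it on both machines as the account being logged in to; the side that reports UNSAFE is the one where sshd will ignore authorized_keys.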
