[prev in list] [next in list] [prev in thread] [next in thread]
List: suse-security
Subject: [opensuse-security] Can't do ssh as user
From: "Carlos E. R." <carlos.e.r () opensuse ! org>
Date: 2010-10-20 20:48:54
Message-ID: alpine.LNX.2.00.1010202217410.7227 () Telcontar ! valinor
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
hi,
I can't do ssh as user from inside gnome, it works from VT.
To the root account works, too.
cer@Telcontar:~> ssh localhost
Received disconnect from ::1: 2: Too many authentication failures for cer
Fails locally or to my laptop. And as said, works from the console.
My guess is that gnome key-agent is caching a non-existing publick key,
and offering it to the server, till this one refuses.
Oct 20 22:22:54 Telcontar sshd[18584]: Connection from ::1 port 56303
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: Client protocol version 2.0; client \
software version OpenSSH_5.2
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: match: OpenSSH_5.2 pat OpenSSH*
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: Enabling compatibility mode for \
protocol 2.0
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: Local version string \
SSH-2.0-OpenSSH_5.2
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: PAM: initializing for "cer"
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: PAM: setting PAM_RHOST to "localhost"
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: PAM: setting PAM_TTY to "ssh"
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: temporarily_use_uid: 1000/100 (e=0/0)
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: trying public key file \
/home/cer/.ssh/authorized_keys
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: fd 4 clearing O_NONBLOCK
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: restore_uid: 0/0
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: temporarily_use_uid: 1000/100 (e=0/0)
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: trying public key file \
/home/cer/.ssh/authorized_keys2
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: restore_uid: 0/0
Oct 20 22:22:54 Telcontar sshd[18584]: Failed publickey for cer from ::1 port 56303 \
ssh2
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: temporarily_use_uid: 1000/100 (e=0/0)
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: trying public key file \
/home/cer/.ssh/authorized_keys
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: fd 4 clearing O_NONBLOCK
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: restore_uid: 0/0
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: temporarily_use_uid: 1000/100 (e=0/0)
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: trying public key file \
/home/cer/.ssh/authorized_keys2
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: restore_uid: 0/0
Oct 20 22:22:54 Telcontar sshd[18584]: Failed publickey for cer from ::1 port 56303 \
ssh2
Oct 20 22:22:54 Telcontar sshd[18584]: Failed publickey for cer from ::1 port 56303 \
ssh2
Oct 20 22:22:54 Telcontar sshd[18584]: Failed publickey for cer from ::1 port 56303 \
ssh2
Oct 20 22:22:54 Telcontar sshd[18584]: Failed publickey for cer from ::1 port 56303 \
ssh2
Oct 20 22:22:54 Telcontar sshd[18584]: Failed publickey for cer from ::1 port 56303 \
ssh2
Oct 20 22:22:54 Telcontar sshd[18584]: Failed publickey for cer from ::1 port 56303 \
ssh2
Thats six attempts -> failure.
Ah, file "/home/cer/.ssh/authorized_keys2" does not exist.
Is it possible to force password authentication for a session? Or to
disable the agent for a session?
[...]
I found this:
cer@Telcontar:~> set | grep ssh
CVS_RSH=ssh
SSH_AUTH_SOCK=/tmp/keyring-CZzKCQ/socket.ssh
cer@Telcontar:~>
Then:
cer@Telcontar:~> SSH_AUTH_SOCK="" ssh -a localhost
Password:
Last login: Wed Oct 20 22:18:23 2010 from localhost
Have a lot of fun...
So, that works...
Is this a bug?
- --
Cheers,
Carlos E. R.
(from 11.2 x86_64 "Emerald" at Telcontar)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
iEYEARECAAYFAky/Vb4ACgkQtTMYHG2NR9XN2ACgi5KXbYbD+6yg5e65MsDjyis5
SAEAnihnoqFpZ17LdEYz3kmciTU7t57s
=TCKR
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security+help@opensuse.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic