'[opensuse-security] Can't do ssh as user'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       suse-security
Subject:    [opensuse-security] Can't do ssh as user
From:       "Carlos E. R." <carlos.e.r () opensuse ! org>
Date:       2010-10-20 20:48:54
Message-ID: alpine.LNX.2.00.1010202217410.7227 () Telcontar ! valinor
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



hi,

I can't do ssh as user from inside gnome, it works from VT.
To the root account works, too.


cer@Telcontar:~> ssh localhost
Received disconnect from ::1: 2: Too many authentication failures for cer

Fails locally or to my laptop. And as said, works from the console.


My guess is that gnome key-agent is caching a non-existing publick key, 
and offering it to the server, till this one refuses.


Oct 20 22:22:54 Telcontar sshd[18584]: Connection from ::1 port 56303
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: Client protocol version 2.0; client \
                software version OpenSSH_5.2
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: match: OpenSSH_5.2 pat OpenSSH*
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: Enabling compatibility mode for \
                protocol 2.0
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: Local version string \
                SSH-2.0-OpenSSH_5.2
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: PAM: initializing for "cer"
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: PAM: setting PAM_RHOST to "localhost"
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: PAM: setting PAM_TTY to "ssh"
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: temporarily_use_uid: 1000/100 (e=0/0)
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: trying public key file \
                /home/cer/.ssh/authorized_keys
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: fd 4 clearing O_NONBLOCK
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: restore_uid: 0/0
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: temporarily_use_uid: 1000/100 (e=0/0)
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: trying public key file \
                /home/cer/.ssh/authorized_keys2
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: restore_uid: 0/0
Oct 20 22:22:54 Telcontar sshd[18584]: Failed publickey for cer from ::1 port 56303 \
                ssh2
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: temporarily_use_uid: 1000/100 (e=0/0)
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: trying public key file \
                /home/cer/.ssh/authorized_keys
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: fd 4 clearing O_NONBLOCK
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: restore_uid: 0/0
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: temporarily_use_uid: 1000/100 (e=0/0)
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: trying public key file \
                /home/cer/.ssh/authorized_keys2
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: restore_uid: 0/0
Oct 20 22:22:54 Telcontar sshd[18584]: Failed publickey for cer from ::1 port 56303 \
ssh2

Oct 20 22:22:54 Telcontar sshd[18584]: Failed publickey for cer from ::1 port 56303 \
ssh2

Oct 20 22:22:54 Telcontar sshd[18584]: Failed publickey for cer from ::1 port 56303 \
ssh2

Oct 20 22:22:54 Telcontar sshd[18584]: Failed publickey for cer from ::1 port 56303 \
ssh2

Oct 20 22:22:54 Telcontar sshd[18584]: Failed publickey for cer from ::1 port 56303 \
ssh2

Oct 20 22:22:54 Telcontar sshd[18584]: Failed publickey for cer from ::1 port 56303 \
ssh2


Thats six attempts -> failure.

Ah, file "/home/cer/.ssh/authorized_keys2" does not exist.


Is it possible to force password authentication for a session? Or to 
disable the agent for a session?

[...]

I found this:

cer@Telcontar:~> set | grep ssh
CVS_RSH=ssh
SSH_AUTH_SOCK=/tmp/keyring-CZzKCQ/socket.ssh
cer@Telcontar:~>


Then:

cer@Telcontar:~> SSH_AUTH_SOCK="" ssh -a localhost
Password:
Last login: Wed Oct 20 22:18:23 2010 from localhost
Have a lot of fun...


So, that works...


Is this a bug?



- -- 
Cheers,
        Carlos E. R.
        (from 11.2 x86_64 "Emerald" at Telcontar)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)

iEYEARECAAYFAky/Vb4ACgkQtTMYHG2NR9XN2ACgi5KXbYbD+6yg5e65MsDjyis5
SAEAnihnoqFpZ17LdEYz3kmciTU7t57s
=TCKR
-----END PGP SIGNATURE-----
-- 
To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security+help@opensuse.org


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic