On Tue, Nov 13, 2018 at 1:20 AM hiro <[email protected]> wrote: > > did you try with proto=rsa instead of proto=pass ?! > you don't need both rsa and dsa. why not use just rsa? >
Thanks for your prompt response. I got rid of the dsa key in my factotum. Here's my current rsa key record in factotum cpu% grep ssh /mnt/factotum/ctl key proto=rsa service=ssh role=client role=sign [email protected] size=1024 ek=23 n=F69A9E3314E579E9C6A18D9804029849B5CF441E41E2D1CC3A41EE39D296C692B39291128CA86DD714BE78BDDBFC54766D34712A77E04EFC7869055217E2DCC3684E0612AB7E9EA350778BBEA87348BB43A8BDC37A86B0433EBB8ADDC0EB5A314DC35AE10721C9E33BB760ED7DAB70C8D65801EAE7DC7021222E42976C133E47 !dk? !p? !q? !kp? !kq? !c2? key proto=pass service=ssh server=pc-sasha user=sasha !password? Ssh debugging output: cpu% ssh -d pc-sasha /386/bin/ssh2: mounting /srv/netssh on /net /386/bin/ssh2: can't open /srv/netssh: '/srv/netssh' file does not exist /386/bin/ssh2: mounting /srv/ssh on /net /386/bin/ssh2: can't open /srv/ssh: '/srv/ssh' file does not exist /386/bin/ssh2: mounting /srv/ssh.sasha on /net /386/bin/ssh2: dial conn /net/ssh!pc-sasha!22: connect handshake failed Here are the contents of my /net/ssh: cpu% ls -l /net/ssh d-r-xr-xr-x M 90 sasha sasha 0 Nov 14 20:47 /net/ssh/0 d-r-xr-xr-x M 90 sasha sasha 0 Nov 14 20:47 /net/ssh/1 d-r-xr-xr-x M 90 sasha sasha 0 Nov 14 20:48 /net/ssh/2 d-r-xr-xr-x M 90 sasha sasha 0 Nov 14 20:48 /net/ssh/3 d-r-xr-xr-x M 90 sasha sasha 0 Nov 14 20:55 /net/ssh/4 d-r-xr-xr-x M 90 sasha sasha 0 Nov 14 20:57 /net/ssh/5 d-r-xr-xr-x M 90 sasha sasha 0 Nov 14 20:58 /net/ssh/6 d-r-xr-xr-x M 90 sasha sasha 0 Nov 14 20:58 /net/ssh/7 --rw-rw-rw- M 90 sasha sasha 0 Nov 14 20:47 /net/ssh/clone --rw-rw-rw- M 90 sasha sasha 0 Nov 14 20:47 /net/ssh/ctl --rw------- M 90 sasha sasha 0 Nov 14 20:47 /net/ssh/keys The Keys and Management section of SSH(4), refers to various keys required for the operation of ssh. (1). The first key needed is the host key for server operation. In the case of the keys being stored in factotum(4), these keys will be the first ones listed with proto=rsa and proto=dss. That's what I already have in my factotum shown above. (2). The next set of keys are the public host keys used by clients to verify the identities of servers. As with the original Plan 9 SSH implementation, there is a system-wide list of these in /sys/lib/ssh/keyring and each user may have a list in $home/lib/keyring. If a public key for a remote server is listed and matches the one offered by the server, the connection proceeds. If a public key for a remote server is listed but does not match the one offered by the server, or if no public key is listed for a remote server, ssh (see ssh2(1)) presents the key to the user and asks whether to reject the key, accept the key only for that session, or accept the key permanently. The last option causes the key to be written to the user's keyring. In the case of a mismatching key, the accept option can either be to add to or replace the old key. I have neither of the keyring files, nor do I get prompted to accept any keys. What am I missing? Thanks.
