Title: FW: [Oscar-devel] Re: [Oscar-users] Mandriva 2006 status report - openssh "bug" identified

Thanks Steve for the comments below:


-----Original Message-----
From: Steve Barnet [mailto:[EMAIL PROTECTED]]
Sent: Wed 08/02/2006 11:04
To: Bernard Li
Subject: Re: [Oscar-devel] Re: [Oscar-users] Mandriva 2006 status report - openssh "bug" identified

Bernard Li wrote:
> Hi Fernando:

> Passwordless ssh is different from having no password with your UNIX account.

> The way it works right now is that once you are logged into the system, you can go to any node via ssh without entering any password.  However, as a regular user, you still need to log into the headnode with a password.

> All I'm saying is that there doesn't need to be a password generated for the oscartst user (as your solution proposes) as you would never really log in as that user, the account will always be invoked via "su -" or similar mechanism.

> Bottom line is, this worked before, and doesn't work any more - we should fix it on the "openssh" level, but not by changing oscartst's passwd file entry.

> You might want to reply back to Mandriva saying that we already generated the DSA key (in /etc/profile.d/ssh-oscar.sh) and thus the problem is not there - tell him the situation and perhaps he has a better solution for us.

> P.S. You might also want to turn on debugging for ssh when you do tests using the oscartst user, that might give you some hints as to what is wrong...

This might be an sshd config change. Certain distros enable
or disable various features from release to release. I don't
really have the time to look deeply into it (and we have no
Mandriva), but it sounds as though sshd does not have the
DSA/RSA authentication enabled. It's also possible for the
client to have this disabled.

In most openssh implementations, the config files are
in:

/etc/ssh

The debug output will be essential in that by unlocking
the user account he may be authenticating via a null
password before the DSA/RSA authentication would be
invoked.

Best,

---Steve
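
Added example (not part of the original message or of OSCAR's code): a shell script that checks, offline, the two conditions raised above, whether sshd_config turns off public-key authentication and whether the account's shadow entry is locked or has a null password. The file contents, function names and result labels are constructed for illustration; only the oscartst user name comes from the thread.

```shell
# Added example. All file contents below are constructed samples.

# Global value of an sshd_config keyword. sshd keeps the first value it
# reads and keywords are case-insensitive. Assumption: parsing stops at
# the first Match block, so only global scope is considered.
sshd_opt() {  # usage: sshd_opt FILE KEYWORD DEFAULT
    awk -v k="$2" -v d="$3" '
        $1 ~ /^#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(k) { v = tolower($2); exit }
        END { print (v == "" ? d : v) }' "$1"
}

# Password state from a shadow-format file: empty, locked, set or missing.
# A leading "!" or "*" means no password can ever match (passwd -l adds "!").
shadow_state() {  # usage: shadow_state FILE USER
    awk -F: -v u="$2" '
        $1 == u { found = 1
                  if ($2 == "") s = "empty"
                  else if ($2 ~ /^[!*]/) s = "locked"
                  else s = "set"
                  exit }
        END { print (found ? s : "missing") }' "$1"
}

# Hypothetical result labels combining both checks.
triage() {  # usage: triage SSHD_CONFIG SHADOW USER
    pubkey=$(sshd_opt "$1" PubkeyAuthentication yes)
    empty_ok=$(sshd_opt "$1" PermitEmptyPasswords no)
    state=$(shadow_state "$2" "$3")
    if [ "$pubkey" = no ]; then echo "pubkey-disabled"
    elif [ "$state" = empty ] && [ "$empty_ok" = yes ]; then echo "null-password-possible"
    elif [ "$state" = locked ]; then echo "locked-key-only"
    else echo "no-finding"
    fi
}

make_samples() {  # writes constructed sample files into directory $1
    printf '%s\n' '# constructed' 'Protocol 2' 'pubkeyauthentication no' \
        'PubkeyAuthentication yes' > "$1/sshd_disabled"
    printf '%s\n' 'PermitEmptyPasswords yes' 'Match User backup' \
        'PubkeyAuthentication no' > "$1/sshd_emptyok"
    printf '%s\n' 'oscartst:!!:13180:0:99999:7:::' 'unlocked::13180:0:99999:7:::' \
        'alice:$1$constructed$hash:13180:0:99999:7:::' > "$1/shadow"
}

d=$(mktemp -d) && make_samples "$d"
triage "$d/sshd_emptyok" "$d/shadow" unlocked   # account with a null password
rm -rf "$d"
```

A "null-password-possible" result means a successful login for that account does not show that the key was ever tried, which is the case the ssh debug output is needed to rule out.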
