Hi Geoffroy: So it sounds like you're saying if you create a user BEFORE using OSCAR and so happens to have generated the authorized keys, this does not work with OSCAR (OSCAR will generate these keys for the user automatically the first time they log in...)
I don't think we have ever handled this situation, so best that you file a bug on this then. Thanks, Bernard > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf > Of Geoffroy Vallée > Sent: Friday, June 23, 2006 8:28 > To: [email protected] > Subject: Re: [Oscar-devel] problem with ssh on fc4/trunk > > Hey, > > I have more information... > i executed the command "head -2 id_rsa" in the .ssh folder of > the user > account, the output was: Pro-Type: 4, ENCRYPTED. On the other > hand the same > command for root gives the actual private ket (no encryption). > Therefore i generated again the RSA key for the user > (ssh-keygen -t rsa), the > key is then not encrypted and i can ssh the compute node > without to have to > enter my password. > > So it seems the problem depends on the way the key is > generated for the user > and actually i think the problem in my case is that i used > the account before > to use oscar to do something else (connect the gateway), so > the key was not > generated by OSCAR and therefore encrypted. > > All OSCAR users may have this problem. > > Le Vendredi 23 Juin 2006 10:25, Geoffroy Vallée a écrit : > > Hey, > > > > ssh is still acting weird, today i have to enter 3 times my > password before > > to be able to connect the compute node. Here is the ssh log: > > > > $ ssh oscarnode1 -v > > OpenSSH_4.2p1, OpenSSL 0.9.7f 22 Mar 2005 > > debug1: Reading configuration data /etc/ssh/ssh_config > > debug1: Applying options for * > > debug1: Connecting to oscarnode1 [192.168.1.2] port 22. > > debug1: Connection established. > > debug1: identity file /home/gvallee/.ssh/identity type 0 > > debug1: identity file /home/gvallee/.ssh/id_rsa type 1 > > debug1: identity file /home/gvallee/.ssh/id_dsa type 2 > > debug1: Remote protocol version 2.0, remote software > version OpenSSH_4.0 > > debug1: match: OpenSSH_4.0 pat OpenSSH* > > debug1: Enabling compatibility mode for protocol 2.0 > > debug1: Local version string SSH-2.0-OpenSSH_4.2 > > debug1: SSH2_MSG_KEXINIT sent > > debug1: SSH2_MSG_KEXINIT received > > debug1: kex: server->client aes128-cbc hmac-md5 none > > debug1: kex: client->server aes128-cbc hmac-md5 none > > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent > > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP > > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent > > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY > > debug1: Host 'oscarnode1' is known and matches the RSA host key. > > debug1: Found key in /home/gvallee/.ssh/known_hosts:5 > > debug1: ssh_rsa_verify: signature correct > > debug1: SSH2_MSG_NEWKEYS sent > > debug1: expecting SSH2_MSG_NEWKEYS > > debug1: SSH2_MSG_NEWKEYS received > > debug1: SSH2_MSG_SERVICE_REQUEST sent > > debug1: SSH2_MSG_SERVICE_ACCEPT received > > debug1: Authentications that can continue: > > publickey,gssapi-with-mic,password debug1: Next > authentication method: > > gssapi-with-mic > > debug1: Authentications that can continue: > > publickey,gssapi-with-mic,password debug1: Authentications that can > > continue: publickey,gssapi-with-mic,password debug1: Next > authentication > > method: publickey > > debug1: Offering public key: /home/gvallee/.ssh/id_rsa > > debug1: Server accepts key: pkalg ssh-rsa blen 149 > > debug1: PEM_read_PrivateKey failed > > debug1: read PEM private key done: type <unknown> > > Enter passphrase for key '/home/gvallee/.ssh/id_rsa': > > debug1: PEM_read_PrivateKey failed > > debug1: read PEM private key done: type <unknown> > > Enter passphrase for key '/home/gvallee/.ssh/id_rsa': > > debug1: PEM_read_PrivateKey failed > > debug1: read PEM private key done: type <unknown> > > Enter passphrase for key '/home/gvallee/.ssh/id_rsa': > > debug1: PEM_read_PrivateKey failed > > debug1: read PEM private key done: type <unknown> > > debug1: Offering public key: /home/gvallee/.ssh/id_dsa > > debug1: Server accepts key: pkalg ssh-dss blen 818 > > debug1: read PEM private key done: type DSA > > debug1: Authentication succeeded (publickey). > > debug1: channel 0: new [client-session] > > debug1: Entering interactive session. > > Last login: Fri Jun 23 10:21:03 2006 from headnode.ornl.gov > > > > Le Jeudi 22 Juin 2006 13:52, vous avez écrit : > > > Hi Geoffroy: > > > > Another issue on FC4 with trunk: impossible to connect to > > > > compute nodes being a > > > > normal user without to have to give the password. Therefore, > > > > i have to enter > > > > the password for all the user tests. :-( > > > > The only problem i see in oscarinstall.log about ssh is the > > > > following line: > > > > checking configuration file sshd_config ... > > > > ./ssh_install: line 169: [: -lt: unary operator expected > > > > > > Is /home mounted on your compute nodes? That is necessary for > > > authorized keys to work. > > > > > > As to the message you're seeing, I don't think it's the > cause of the > > > problem, but anyway there is already a bug filed: > > > > > > http://svn.oscar.openclustergroup.org/trac/oscar/ticket/125 > > > > > > Do you think you can look into it? > > > > > > > So it seems that during the last OSCAR call the idea was to > > > > say that the FC4 > > > > support is ok. I tend to disagree with that, there are still > > > > some little > > > > issues. > > > > > > DongInn is doing an installation with Fedora Core 4 right > now and will > > > report back his findings. > > > > > > Thanks, > > > > > > Bernard > > -- > Geoffroy > > Using Tomcat but need to do more? Need to support web > services, security? > Get stuff done quickly with pre-integrated technology to make > your job easier > Download IBM WebSphere Application Server v.1.0.1 based on > Apache Geronimo > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&; > dat=121642 > _______________________________________________ > Oscar-devel mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/oscar-devel > Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Oscar-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/oscar-devel
