On Thu, Jul 27, 2000 at 04:50:24PM +0200, Niels Möller wrote:
> Jeff Bailey <[EMAIL PROTECTED]> writes:
> 
> > In my ongoing quest to `lsh'ize the GNU servers, I'm now testing native 
> > lsh keys.  On every machine I try to generate I get the following:
> > 
> > $ lsh_keygen | lsh_writekey
> > lsh_writekey: File exists
> 
> lsh_writekey doesn't like overwriting existing key files (it opens
> them with O_EXCL). What behaviour would you prefer? Not using O_EXCL?
> Improving the error message? Adding a --force flag?

A force flag would probably be the best thing to do, with an error that 
says:

You already have a public/private key pair.  lsh_writekey has not
overwritten them, just in case you have typed this command by accident. 
Please add --force if you really want to do this.

See the lsh_keygen (5) man page for more details.

The man page should probably have a new section:

WARNING
        The use of DSA keys is intended to replace the use of passwords
        for logging into other computers.  Used properly this is very
        secure and is essential for protecting against intruders.  
        However, use caution with your keys!  Never send the "identity"
        file to *ANYONE*, and do not lose the contents of the ~/.lsh
        folder.  Similar to losing your house keys: simply buying another
        set won't get you into your house, if you ever delete or
        regenerate these files, you will have to send the new identity.pub
        file to all of the systems where you log in.

        Back these files up to a disk and store them in a safe place
        with other valuables.

> Anyway,
> 
>   rm ~/.lsh/identity ~/.lsh/identity.pub && lsh_keygen | lsh_writekey
> 
> should work.

Observations follow from 3 systems (2 fail, 1 works):

[jbailey@cr499794-a jbailey]$ lsh --version
lsh-0.9.9, secsh protocol version 2.0
[jbailey@cr499794-a jbailey]$ ls -al .lsh
total 10
drwxr-xr-x    2 jbailey  jbailey      1024 Jul 27 08:28 .
drwx------   78 jbailey  jbailey      9216 Jul 27 08:16 ..
[jbailey@cr499794-a jbailey]$ rm ~/.lsh/identity ~/.lsh/identity.pub && 
lsh_keygen | lsh_writekey  
rm: cannot remove `/home/jbailey/.lsh/identity': No such file or directory
rm: cannot remove `/home/jbailey/.lsh/identity.pub': No such file or 
directory
[jbailey@cr499794-a jbailey]$ ls -al .lsh
total 10
drwxr-xr-x    2 jbailey  jbailey      1024 Jul 27 08:28 .
drwx------   78 jbailey  jbailey      9216 Jul 27 08:16 ..
[jbailey@cr499794-a jbailey]$ lsh_keygen | lsh_writekey  
lsh_writekey: File exists
Broken pipe
[jbailey@cr499794-a jbailey]$ ls -al .lsh
total 10
drwxr-xr-x    2 jbailey  jbailey      1024 Jul 27 08:30 .
drwx------   78 jbailey  jbailey      9216 Jul 27 08:16 ..
-rw-r--r--    1 jbailey  jbailey         0 Jul 27 08:30 identity
[jbailey@cr499794-a jbailey]$ 

I get the same thing on gnudist.gnu.org:

$ lsh --version
lsh-1.0.1, secsh protocol version 2.0
$ ls -al .lsh
total 2
drwxr-xr-x   2 jbailey  fsf          1024 Jul 21 09:38 .
drwxrwxrwx   6 jbailey  fsf          1024 Jul 21 00:15 ..
$ lsh_keygen | lsh_writekey
lsh_writekey: File exists
Broken pipe
$ ls -al .lsh
total 2
drwxr-xr-x   2 jbailey  fsf          1024 Jul 27 08:32 .
drwxrwxrwx   6 jbailey  fsf          1024 Jul 21 00:15 ..
-rw-r--r--   1 jbailey  fsf             0 Jul 27 08:32 identity
$ 

Interesting that Fencepost (where you installed lsh) seems to be happier:
jbailey@fencepost:~$ ls -al
total 2
drwx------    2 jbailey  user         1024 Jul 27 11:35 .
drwxr-xr-x    3 root     root         1024 Jul 27 11:34 ..
jbailey@fencepost:~$ lsh_keygen | lsh_writekey
lsh_writekey: Created directory /home/fsf/jbailey/.lsh
jbailey@fencepost:~$ cd .lsh
jbailey@fencepost:~/.lsh$ ls -al
total 4
drwxr-xr-x    2 jbailey  user         1024 Jul 27 11:35 .
drwx------    3 jbailey  user         1024 Jul 27 11:35 ..
-rw-------    1 jbailey  user          490 Jul 27 11:35 identity
-rw-r--r--    1 jbailey  user          619 Jul 27 11:35 identity.pub
jbailey@fencepost:~/.lsh$ lsh --version
lsh-0.9.4, secsh protocol version 2.0
jbailey@fencepost:~/.lsh$ 

I don't know if it's the version number, or if you just installed it 
better than me. =) I'll try and look a touch later, but it's been very 
busy at work.


-- 
"It is easy to be blinded to the essential uselessness of computers by
the sense of accomplishment you get from getting them to work at all."
 - Douglas Adams
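
The O_EXCL behaviour and the proposed --force flag discussed in this message, as an added C example (not part of the original e-mail and not lsh's source). The function name `write_key_file`, its `force` parameter and the sample path are assumptions; on a failed write it removes the file it opened, so no empty key file is left behind.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not lsh's code. Without force, O_EXCL makes
 * open() fail with EEXIST when the path exists, so an existing key is
 * never clobbered. Returns 0 on success, -1 with errno set. */
int write_key_file(const char *path, const void *key, size_t len, int force)
{
    int flags = O_WRONLY | O_CREAT | (force ? O_TRUNC : O_EXCL);
    int fd = open(path, flags, 0600);        /* private key: owner only */
    if (fd < 0)
        return -1;
    /* With force the file may predate us and keep looser permissions. */
    int failed = fchmod(fd, 0600) < 0;
    const char *p = key;
    while (!failed && len > 0) {
        ssize_t n = write(fd, p, len);
        if (n < 0 && errno == EINTR)
            continue;
        if (n <= 0) { if (n == 0) errno = EIO; failed = 1; break; }
        p += n;
        len -= (size_t)n;
    }
    if (failed) {
        int saved = errno;
        close(fd);
        unlink(path);        /* leave no empty or truncated key file */
        errno = saved;
        return -1;
    }
    return close(fd);
}

int main(void)
{
    static const char key[] = "constructed sample key material\n";
    const char *path = "identity.example";   /* constructed path */
    if (write_key_file(path, key, sizeof key - 1, 0) < 0) {
        if (errno == EEXIST)
            fprintf(stderr, "%s exists and was not overwritten; "
                    "a --force option would pass force=1.\n", path);
        else
            perror(path);
        return 1;
    }
    return 0;
}
```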

