I have very similar problems as Fred's. The RSA/DSA just refuses to work,
instead immediately falling back on tunneled password authentication (if
enabled on the system, otherwise it's impossible to get in with ssh).
BTW, I found it didn't eat my configs, it's must not auth'ing with keys.
Arg!
I double checked and all the host keys and user keys are where they belong.
Even rebooting doesn't seem to help. Any clues as to the problem?
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of David Talkington
> Sent: Saturday, March 31, 2001 1:07 PM
> To: [EMAIL PROTECTED]
> Subject: Re: up2date broke sshd! (openssh)
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Fred Whipple wrote:
>
> >SSH is now officially broken... the symptoms are:
> >
> >- If you /etc/rc.d/init.d/ssh restart, it will boot you and not restart
>
> Probably because the script which performs this task was attached to
> the terminal from which you ran it. When sshd died, so did your
> session, and thus your terminal, and thus the script. The right way
> to do that would be to use 'at' or 'cron' to do it for you.
> Something as simple as this:
>
> # at now
> > /etc/init.d/sshd restart
> ^D
>
> >- If you at that point telnet in (yuck) and /etc/rc.d/init.d/ssh start,
> >it works
>
> Because that session didn't depend on sshd. See above.
>
> >- If you are ssh'd in and /etc/rc.d/init.d/ssh stop it will kill the
> >daemon, leave your connection alone, but when you /etc/rc.d/init.d/ssh
> >start again sshd will not start
>
> The daemon spawns a child for each connection. You didn't kill them
> all, as evidenced by the fact that you were still connected, which
> means 22 was probably still in use.
>
> >- RSA/DSA authentication does not work/is ignored. You can still use
> >ssh to ssh into other systems before the upgrade which accept RSA/DSA
> >authentication, however ssh'ing into an upgraded system does not work...
> >despite proper configs
>
> I haven't enountered that problem. Without detailed error messages and
> your config files for both the client and the server, we can't be much
> help here.
>
> >Aren't we using Linux for stability and reliability here? Geeze, I'm so
> >****in' tired of Red Hat releasing security updates to packages which
> >break the packages, cause a ripple effect in services you're trying to
> >provide in a production environment, and the rant lives on.
>
> It is true that Red Hat sometimes needs a good smack, but in this
> case, it sounds like mostly your errors. Updating sshd remotely is
> tricky. If you really want to be fancy, run two servers: OpenSSH on
> 22 for everyone, and ssh.com on 24 for you alone, perhaps with only
> key authentication. You can then work freely on 22 without losing
> your connection.
>
> - --
> David Talkington
> http://www.spotnet.org
>
> PGP key: http://www.prairienet.org/~dtalk/dt000823.asc
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 6.5.8
> Comment: Made with pgp4pine 1.75-6
>
> iQEVAwUBOsY41b1ZYOtSwT+tAQGScwf9Fvses+c3wONUnVP4mCE4wHLdmDLeRErW
> CAav5oME5y6jjYteWdGut5ql4qdWSmZiYK6wd5RFf9oa8/Qpf8ddEo2+uApvCeg2
> n8T3XfrcsGLUEEJVWrgIsliEHkzJIp5LU9RhmnCyv1p45o4ZRJ20pncv1dtjkb+H
> jZO7K8gwYJMJfCwtKByOFmC3psmR5WGvulAzj0qdrif6ZcWKjmzjfnx8m9EnSWmk
> uBl0PyIL5G+M0px3LDExIMft1VBfLiUWGSCy+0KWNKhMG1QNCXvhv+9bosFCkYwY
> ouuZK+JK0uVGkuX7dWFEC535yMvQU3qw2iePL6B0G7CVQfNavg9y/A==
> =maLD
> -----END PGP SIGNATURE-----
>
>
>
>
> _______________________________________________
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
