Hi,
looks like that the GNOME keyring has imported a larger number of
non-working keys in your set and so you end up the max number of tries
before getting to the keyboard-interactive login. I am not familiar with
GNOME, is there a way to specify to ssh that you _don't_ want publickey
authentication ?
Later,
- Enrico
2008/11/6 Chris Ridd <chrisridd at mac.com>
> Apologies to those of you also on indiana-discuss, who'll get this
> twice :-(
>
> Since about build 99, I've been getting some unexpected failures when
> sshing from an OpenSolaris machine to another machine using a
> different username, eg user at remote.
>
> But the problems only occur when I'm sshing from a GNOME session -
> maybe there's some strange interaction with the GNOME keyring?
>
> So a working session looks like this:
>
> [ssh -v user at remote]
>
> debug1: send SSH2_MSG_SERVICE_REQUEST
> debug1: got SSH2_MSG_SERVICE_ACCEPT
> debug1: Authentications that can continue: publickey,password,keyboard-
> interactive
> debug1: Next authentication method: publickey
> debug1: Trying private key: /home/cjr/.ssh/identity
> debug1: Trying public key: /home/cjr/.ssh/id_rsa
> debug1: Authentications that can continue: publickey,password,keyboard-
> interactive
> debug1: Trying public key: /home/cjr/.ssh/id_dsa
> debug1: Authentications that can continue: publickey,password,keyboard-
> interactive
> debug1: Next authentication method: keyboard-interactive
> Password:
> debug1: Authentication succeeded (keyboard-interactive)
> debug1: channel 0: new [client-session]
> debug1: send channel open 0
> debug1: Entering interactive session.
> debug1: ssh_session2_setup: id 0
> debug1: channel request 0: env
> debug1: channel request 0: pty-req
> debug1: channel request 0: shell
> debug1: fd 4 setting TCP_NODELAY
> debug1: channel 0: open confirm rwindow 0 rmax 32768
> Last login: Thu Nov 6 16:06:55 2008 from canopus.isode.net
> [...]
>
> A non-working session from GNOME ends like this:
>
> debug1: send SSH2_MSG_SERVICE_REQUEST
> debug1: got SSH2_MSG_SERVICE_ACCEPT
> debug1: Authentications that can continue: publickey,password,keyboard-
> interactive
> debug1: Next authentication method: publickey
> debug1: Offering agent key: id_rsa
> debug1: Authentications that can continue: publickey,password,keyboard-
> interactive
> debug1: Offering agent key: id_rsa.old
> debug1: Authentications that can continue: publickey,password,keyboard-
> interactive
> debug1: Offering agent key: id_dsa.old
> debug1: Authentications that can continue: publickey,password,keyboard-
> interactive
> debug1: Offering agent key: id_dsa
> debug1: Authentications that can continue: publickey,password,keyboard-
> interactive
> debug1: Offering agent key: id_rsa1k
> debug1: Authentications that can continue: publickey,password,keyboard-
> interactive
> debug1: Trying private key: /home/cjr/.ssh/identity
> debug1: Trying public key: /home/cjr/.ssh/id_rsa
> debug1: Authentications that can continue: publickey,password,keyboard-
> interactive
> debug1: Trying public key: /home/cjr/.ssh/id_dsa
> Received disconnect from 172.16.0.1: 2: Too many authentication
> failures for user
> debug1: Calling cleanup 0x80798f0(0x0)
>
> [NB 172.16.0.1 is the remote machine]
>
> This all used to work before build 99, using ssh-agent. What needs to
> be done (RTFM?) to make it work again?
>
> Cheers,
>
> Chris
> _______________________________________________
> security-discuss mailing list
> security-discuss at opensolaris.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://mail.opensolaris.org/pipermail/security-discuss/attachments/20081106/700e075e/attachment.html>
