ssh (gnome keyring?) problems since build 99

Thu, 06 Nov 2008 21:34:38 +0000 

On 6 Nov 2008, at 20:34, Nicolas Williams wrote:

> On Thu, Nov 06, 2008 at 10:55:37AM -0800, Enrico Perla wrote:
>> 2008/11/6 Chris Ridd <chrisridd at mac.com>
>>> I believe so - ssh -o PreferredAuthentications=password ... - but it
>>> would be nice if I could get things behaving like it used to pre-99.
>
> Use -o PreferredAuthentications=keyboard-interactive,password, not
> =password.

OK.

>> Sure the ssh option is that one, my question was more if there is a  
>> way to
>> instrument the keyring to not attempt key authentication on  
>> specific hosts
>> (or if it is even its duty)
>>
>> I guess that being able to pick all the available keys is a desired
>> feature...
>
> OK, let's try this:
>
> % echo $SSH_AUTH_SOCK
> % echo $SSH_AGENT_PID
> % pgrep ssh-agent
> % ptree 1|while read pid cmd args
> % do
> % pfiles $pid 2>/dev/null |grep $SSH_AUTH_SOCK > /dev/null && echo  
> FOUND: $pid $cmd $args
> % done
>
> Is that ssh-agent?

The only ssh-agent I can see while logged in remotely from home is:

bash-3.2$ ptree 888
821   /usr/sbin/gdm-binary
   822   /usr/sbin/gdm-binary
     872   gnome-session
       888   /usr/bin/ssh-agent /home/cjr/.Xclients-default

But I have no idea what SSH_AUTH_SOCK and SSH_AGENT_PID are set to in  
gnome-terminal. I'll repeat this test back in the office tomorrow.

> If so please post ~/.ssh/config.  Perhaps you've added Identity
> parameters naming all your keys recently.

---
Host www.example.com
User foo

Host matte.example.net
User foo
---

> Also, I suspect your keys are not passphrase-protected.  I wouldn't
> recommend that for any important keys, or even at all, particularly if
> your home directory is mounted remotely.

All my private keys are encrypted.

bash-3.2$ cd .ssh
bash-3.2$ head -3 id_dsa id_dsa.old id_rsa id_rsa.old id_rsa1k
==> id_dsa <==
-----BEGIN DSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,36005B0C13D69C99

==> id_dsa.old <==
-----BEGIN DSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,1D7721D9F08B1476

==> id_rsa <==
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,76C7FF3A5B092388

==> id_rsa.old <==
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,B19F257DA2D66D8B

==> id_rsa1k <==
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,AEF3609DFD9199F1

Cheers,

Chris

Reply via email to