On Oct 8, 2007, at 5:39 AM, Leo R. Lundgren wrote:
6 okt 2007 kl. 23.20 skrev Dan Shoop:
Regarding SSH, I *think* that last time the authentication was
down, I tried SSH and couldn't log into it
As expected if you aren't using keys.
Dan suggested that perhaps SSH would work using key
authentication, but I guess it's a no on that though, if I'm not
mistaken.
I wasn't guessing. It doesn't need to use directory services for
authentication.
I'll check it out for sure next time it happens.
No, please don't bother...
-dhan
Dan,
Before making a complete fool out of yourself the next time,
please RTFMail that you are responding to. I'll paste part of what
I wrote again, so you can correct your post.
The reason I mention it is that for this server, we use keys only.
Or, come to think of it, please don't bother..
Next time the server screws up, I'll make sure to see whether keys
work or not.
Which will not prove or disprove that key based authentication
doesn't require Directory Services; it would just prove you have
some third problem.
For the record ssh key based authentication does not authenticate
through Directory Services. That's the point of the keys and all
the methods ssh has incorporated.
-dhan
Today the server went down again, same problems with authentication
as the other times it's happened. I tried logging in with keys, and
it did not work. Why it didn't work I don't know, if anyone has any
suggestions to it (anything concrete, not just "it just proves you
have some other problem") I'd be interested to hear about them. The
log of my client machine trying to connect to the server is below:
viston% ssh host -v -ladmin
OpenSSH_4.5p1, OpenSSL 0.9.7l 28 Sep 2006
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to host [ip] port 22.
debug1: Connection established.
debug1: identity file /Users/rawtaz/.ssh/identity type -1
debug1: identity file /Users/rawtaz/.ssh/id_rsa type 1
debug1: identity file /Users/rawtaz/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.5
debug1: match: OpenSSH_4.5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.5
debug1: Miscellaneous failure
No credentials cache found
debug1: Miscellaneous failure
No credentials cache found
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'host' is known and matches the RSA host key.
debug1: Found key in /Users/rawtaz/.ssh/known_hosts:42
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
After this, it just stalls. I've had ssh connections stall for a
while other times, but only when DNS was broken and sshd_config
didn't contain "UseDNS no". Unless DNS requires some DirectoryService
or authentication stuff (the part that seems to stop working on the
server) it doesn't feel like that is what makes key-based login not
work in this case.
I've added the following to /etc/sshd_config on the server earlier,
other than this it's a default configuration:
PasswordAuthentication no
UsePAM no
Question: Has anyone else tried key-based ssh when the server is down
in the way that we're discussing in this thread? Result?
// Leo
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/email@hidden
