Re: X11-users Digest, Vol 13, Issue 125
Re: X11-users Digest, Vol 13, Issue 125
- Subject: Re: X11-users Digest, Vol 13, Issue 125
- From: Richard Gronostajski <email@hidden>
- Date: Wed, 14 Dec 2016 16:19:35 -0500
I just noticed that in 10.12.2 when I went to look up passwords stored in Safari there was a new interface and it required a system password before it would even let me see my password list. Hard to see how that would affect RSA key passwords, but it may be additional password security in 10.12.2. My X sessions are running fine but we don’t do RSA verification.
Rich
On Dec 14, 2016, at 4:08 PM, email@hidden wrote:
Send X11-users mailing list submissions to
email@hidden
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.apple.com/mailman/listinfo/x11-users
or, via email, send a message with subject or body 'help' to
email@hidden
You can reach the person managing the list at
email@hidden
When replying, please edit your Subject line so it is more specific
than "Re: Contents of X11-users digest..."
Today's Topics:
1. Terminal and keychain? (Weller, Robert A)
2. Re: Terminal and keychain? (Brandon Allbery)
3. Re: Terminal and keychain? (Weller, Robert A)
4. Re: Terminal and keychain? (Brandon Allbery)
5. Re: Terminal and keychain? (Tim Jenness)
----------------------------------------------------------------------
Message: 1
Date: Wed, 14 Dec 2016 20:28:36 +0000
From: "Weller, Robert A" <email@hidden>
To: "email@hidden" <email@hidden>
Subject: Terminal and keychain?
Message-ID: <email@hidden>
Content-Type: text/plain; charset=utf-8
Has something changed recently that would break the communication between the terminal and keychain when initiating an ssh session?
For as long as I can remember I have not had to manually unlock an RSA key, and suddenly across all of my machines this has become necessary. I tried an ssh-add -K and that seemed to work once, but later when I was going back to one of my remote machines, it once gain asked for the RSA key password.
I’m not sure that this is an appropriate question for this list, but if not, I really don’t know who to ask.
Thanks,
RW
------------------------------
Message: 2
Date: Wed, 14 Dec 2016 15:33:29 -0500
From: Brandon Allbery <email@hidden>
To: "Weller, Robert A" <email@hidden>
Cc: "email@hidden" <email@hidden>
Subject: Re: Terminal and keychain?
Message-ID:
<email@hidden>
Content-Type: text/plain; charset="utf-8"
On Wed, Dec 14, 2016 at 3:28 PM, Weller, Robert A <
email@hidden> wrote:
> Has something changed recently that would break the communication between
> the terminal and keychain when initiating an ssh session?
>
> For as long as I can remember I have not had to manually unlock an RSA
> key, and suddenly across all of my machines this has become necessary. I
> tried an ssh-add -K and that seemed to work once, but later when I was
> going back to one of my remote machines, it once gain asked for the RSA key
> password.
>
> I’m not sure that this is an appropriate question for this list, but if
> not, I really don’t know who to ask.
>
Did you change anything else? We already know that recent Sierra updates
changed the default configuration of ssh in ways that affected X11
forwarding; possibly they also disabled the agent by default, or caused it
to time out.
--
brandon s allbery kf8nh sine nomine associates
email@hidden email@hidden
unix, openafs, kerberos, infrastructure, xmonad http://sinenomine.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.apple.com/archives/x11-users/attachments/20161214/e0c0a5c9/attachment-0001.html>
------------------------------
Message: 3
Date: Wed, 14 Dec 2016 20:53:00 +0000
From: "Weller, Robert A" <email@hidden>
To: Brandon Allbery <email@hidden>
Cc: "email@hidden" <email@hidden>
Subject: Re: Terminal and keychain?
Message-ID: <email@hidden>
Content-Type: text/plain; charset="utf-8"
Thanks for the quick response.
No. No changes. I first noticed it on a brand new MacBook Pro, but I checked two other computers that have not had that stuff touched in ages and both of them are asking for the RSA key passwords as well. I set this up so long ago on these two machines that I would be hard pressed to remember what I did. This one is a 2012 MBP that I’m just replacing now. It’s my “research” machine. The other is my “home” machine. It’s an Air, but it’s also a couple of years old and very stable.
I don’t recall the last time that things worked as expected but it can’t have been longer ago than Monday, I think. I updated the OS yesterday and last night on all of these machines to 10.12.2. If I were a betting person, I’d bet that that broke it. I’ve got one other machine at home that I can check on that hasn’t been upgraded yet. I’m going to guess that it will be ok, although I use the terminal and ssh with it much less than with the three I just mentioned.
Bob
On 14-Dec-2016, at 14:33 , Brandon Allbery <email@hidden<mailto:email@hidden>> wrote:
On Wed, Dec 14, 2016 at 3:28 PM, Weller, Robert A <email@hidden<mailto:email@hidden>> wrote:
Has something changed recently that would break the communication between the terminal and keychain when initiating an ssh session?
For as long as I can remember I have not had to manually unlock an RSA key, and suddenly across all of my machines this has become necessary. I tried an ssh-add -K and that seemed to work once, but later when I was going back to one of my remote machines, it once gain asked for the RSA key password.
I’m not sure that this is an appropriate question for this list, but if not, I really don’t know who to ask.
Did you change anything else? We already know that recent Sierra updates changed the default configuration of ssh in ways that affected X11 forwarding; possibly they also disabled the agent by default, or caused it to time out.
--
brandon s allbery kf8nh sine nomine associates
email@hidden<mailto:email@hidden> email@hidden<mailto:email@hidden>
unix, openafs, kerberos, infrastructure, xmonad http://sinenomine.net<http://sinenomine.net/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.apple.com/archives/x11-users/attachments/20161214/933e2d7f/attachment-0001.html>
------------------------------
Message: 4
Date: Wed, 14 Dec 2016 15:56:01 -0500
From: Brandon Allbery <email@hidden>
To: "Weller, Robert A" <email@hidden>
Cc: "email@hidden" <email@hidden>
Subject: Re: Terminal and keychain?
Message-ID:
<email@hidden>
Content-Type: text/plain; charset="utf-8"
On Wed, Dec 14, 2016 at 3:53 PM, Weller, Robert A <
email@hidden> wrote:
> last night on all of these machines to 10.12.2
That'd be the change I meant. Apple did something with ssh; possibly
including breaking its keychain integration :/
--
brandon s allbery kf8nh sine nomine associates
email@hidden email@hidden
unix, openafs, kerberos, infrastructure, xmonad http://sinenomine.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.apple.com/archives/x11-users/attachments/20161214/150bbb2e/attachment-0001.html>
------------------------------
Message: 5
Date: Wed, 14 Dec 2016 14:07:56 -0700
From: Tim Jenness <email@hidden>
To: "Weller, Robert A" <email@hidden>
Cc: "email@hidden" <email@hidden>
Subject: Re: Terminal and keychain?
Message-ID:
<CA+G92Rdfk_zuZAaP3b+tRmroSFnDmiFqCgu4F=email@hidden>
Content-Type: text/plain; charset="utf-8"
On Wed, Dec 14, 2016 at 1:53 PM, Weller, Robert A <
email@hidden> wrote:
> Thanks for the quick response.
>
> I don’t recall the last time that things worked as expected but it can’t
> have been longer ago than Monday, I think. I updated the OS yesterday and
> last night on all of these machines to 10.12.2. If I were a betting person,
> I’d bet that that broke it.
>
I discovered the same problem today just before your email arrived. I
updated from 10.12.1 to 10.12.2 last night. It was working fine yesterday.
--
Tim Jenness
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.apple.com/archives/x11-users/attachments/20161214/2ece9cad/attachment.html>
------------------------------
_______________________________________________
X11-users mailing list
email@hidden
https://lists.apple.com/mailman/listinfo/x11-users
End of X11-users Digest, Vol 13, Issue 125
******************************************
_______________________________________________
Do not post admin requests to the list. They will be ignored.
X11-users mailing list (email@hidden)
This email sent to email@hidden