[ILUG] ssh wierdness
Niall O Broin
niall at linux.ie
Fri Feb 24 12:59:03 GMT 2006
On 24 Feb 2006, at 12:28, conor at discuskeeping.com wrote:
> 1. I have copied id_rsa.pub across to accounts (oracle) on two nodes
> 2. Testing ssh machine1 or ssh machine2 both allow access with rsa keys
> 3. ssh machine1 date
> works, no password needed.
> 4. ssh machine2 date
> prompts for the passwd.
EINCONSISTENT - you said in 2. that "ssh machine1 or ssh machine2 both
allow access with rsa keys bi-directionally" (though I'm not sure what
you mean by bidirectionally) but then you said in 4. that ssh
machine2 date asks for a password. So can you clarify what the problem
is, and what you want to do?
I find that very many ssh key forwarding problems are permission
related, even when you're sure they're not :-) I also find that the ssh
debug methods of choice are
1) ssh -v from local to remote (but often not too helpful)
2) Run a debugging server on remote with
sshd -d -p 222
which will stay in the foreground.
and then from local run ssh -p 222 remote
The output from the sshd is often most informative.
A further variant on that is to run
sshd -d -f /dev/null -p 222
which can help see if something in your sshd configuration file is
> The only difference I can tell is :
> [root at machine2 ~]# ps -ef | grep -i ssh-agent
> oracle 30200 1 0 Feb23 ? 00:00:00 ssh-agent
> root 12106 6136 0 13:06 pts/1 00:00:00 grep -i ssh-agent
> [root at machine1 ~]# ps -ef | grep -i ssh-agent
> root 10188 1 0 Feb21 ? 00:00:00 /usr/bin/ssh-agent -s
> root 17188 14080 0 13:03 pts/1 00:00:00 grep -i ssh-agent
red herrings - the ssh agent you're concerned with is the one running
on your LOCAL box. the above are ssh agents running for oracle (on
machine2) and for root (on machine1) but they have nothing to do with
your ssh connections from your local box.
More information about the ILUG