Mailinglist Archive: opensuse (2008 mails)

< Previous Next >
Re: [opensuse] ssh & root logins special? in 11.1?
  • From: Mark Goldstein <goldstein.mark@xxxxxxxxx>
  • Date: Fri, 17 Apr 2009 21:03:36 +0300
  • Message-id: <1d8633230904171103x7f8862d9r4eb07d67aae4f6e3@xxxxxxxxxxxxxx>
Hi,

On Fri, Apr 17, 2009 at 8:51 PM, Linda Walsh <suse@xxxxxxxxx> wrote:
I have 3 systems I'm playing with now and trying to bring up a new
one (its a replacement for one of the others that's starting to fail
w/hw problems).
Am having an "ssh" key-interchange/authorization issue.

Orignal sys's  A, B, work fine (A is at 10.3, B@xxxx)
New sys C, I'm installing with 11.1.

user1@a <-->    user1@a
root@a  <-->    root@b

But sys C is having probs w/roots trusting each other.
user trust is working (mutual exchange of keys)
but mutual exchange isn't working for 'root'

each user (and root) at each system as their own private
RSA key, so
there would be 3 user keys shared among the paired systems
and am sharing 3 root keys shared among the paired systems

user1@c <-->    user1@<a|b> works
root@c  <-->    root@<a|b> doesn't work

I.e, root on C can't login, pw-less to A or B and neither A nor B
can login to C password-less.

But works for user.

File and root ".ssh" dir & files permissions are same.

The config files in /etc/ssh "ssh_config" and "sshd_config" appear
identical.

I've followed the ssh from C(new) -> an old, to see where it 'fails'.
Both get to methods to proceed (pubkey or keyboard),
then both pass with an id_rsa key,
Then the working case logs in and create a channel,
but the debug(2) on 'C', instead of continuing to create a channel
says "we did not send a packet, disable method, disable method
and then goes on to require kbdint to continue.

So what is 'C' not sending for connect or receive?  Is it not
allocating a terminal maybe?

Are you sure you changed the default /etc/ssh/sshd_config and enabled
root login (PermitRootLogin yes)?
It is disabled by default.


--
Mark Goldstein
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >
Follow Ups
References