[opensuse-security] Can't do ssh as user - openSUSE Security

20 Oct 2010


      -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
hi,
I can't do ssh as user from inside gnome, it works from VT.
To the root account works, too.
cer@Telcontar:~> ssh localhost
Received disconnect from ::1: 2: Too many authentication failures for cer
Fails locally or to my laptop. And as said, works from the console.
My guess is that gnome key-agent is caching a non-existing publick key, 
and offering it to the server, till this one refuses.
Oct 20 22:22:54 Telcontar sshd[18584]: Connection from ::1 port 56303
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: Client protocol version 2.0; client software version OpenSSH_5.2
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: match: OpenSSH_5.2 pat OpenSSH*
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: Enabling compatibility mode for protocol 2.0
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: Local version string SSH-2.0-OpenSSH_5.2
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: PAM: initializing for "cer"
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: PAM: setting PAM_RHOST to "localhost"
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: PAM: setting PAM_TTY to "ssh"
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: temporarily_use_uid: 1000/100 (e=0/0)
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: trying public key file /home/cer/.ssh/authorized_keys
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: fd 4 clearing O_NONBLOCK
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: restore_uid: 0/0
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: temporarily_use_uid: 1000/100 (e=0/0)
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: trying public key file /home/cer/.ssh/authorized_keys2
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: restore_uid: 0/0
Oct 20 22:22:54 Telcontar sshd[18584]: Failed publickey for cer from ::1 port 56303 ssh2
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: temporarily_use_uid: 1000/100 (e=0/0)
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: trying public key file /home/cer/.ssh/authorized_keys
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: fd 4 clearing O_NONBLOCK
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: restore_uid: 0/0
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: temporarily_use_uid: 1000/100 (e=0/0)
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: trying public key file /home/cer/.ssh/authorized_keys2
Oct 20 22:22:54 Telcontar sshd[18584]: debug1: restore_uid: 0/0
Oct 20 22:22:54 Telcontar sshd[18584]: Failed publickey for cer from ::1 port 56303 ssh2
Oct 20 22:22:54 Telcontar sshd[18584]: Failed publickey for cer from ::1 port 56303 ssh2
Oct 20 22:22:54 Telcontar sshd[18584]: Failed publickey for cer from ::1 port 56303 ssh2
Oct 20 22:22:54 Telcontar sshd[18584]: Failed publickey for cer from ::1 port 56303 ssh2
Oct 20 22:22:54 Telcontar sshd[18584]: Failed publickey for cer from ::1 port 56303 ssh2
Oct 20 22:22:54 Telcontar sshd[18584]: Failed publickey for cer from ::1 port 56303 ssh2
Thats six attempts -> failure.
Ah, file "/home/cer/.ssh/authorized_keys2" does not exist.
Is it possible to force password authentication for a session? Or to 
disable the agent for a session?
[...]
I found this:
cer@Telcontar:~> set | grep ssh
CVS_RSH=ssh
SSH_AUTH_SOCK=/tmp/keyring-CZzKCQ/socket.ssh
cer@Telcontar:~>
Then:
cer@Telcontar:~> SSH_AUTH_SOCK="" ssh -a localhost
Password:
Last login: Wed Oct 20 22:18:23 2010 from localhost
Have a lot of fun...
So, that works...
Is this a bug?
- -- 
Cheers,
        Carlos E. R.
        (from 11.2 x86_64 "Emerald" at Telcontar)
...PGP SIGNATURE...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)

iEYEARECAAYFAky/Vb4ACgkQtTMYHG2NR9XN2ACgi5KXbYbD+6yg5e65MsDjyis5
SAEAnihnoqFpZ17LdEYz3kmciTU7t57s
=TCKR
-----END PGP SIGNATURE-----
-- 
To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security+help@opensuse.org