Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
ssh keychain not working
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
evoweiss
Veteran
Veteran


Joined: 07 Sep 2003
Posts: 1676
Location: Edinburgh, UK

PostPosted: Wed Nov 04, 2015 2:14 pm    Post subject: ssh keychain not working Reply with quote

Hi all,

For some time now I've been able to login without a password via the ssh keychain. After an openssh upgrade to 7.1 to 6.9, it has stopped working. I am not sure what has happened and I tried to redo the steps but to no avail. There doesn't appear to be anything missing in the config file, unless this has changed.

Any thoughts on where to start?

Best,

Alex

Edited: Changed the version


Last edited by evoweiss on Wed Nov 04, 2015 2:23 pm; edited 1 time in total
Back to top
View user's profile Send private message
krinn
Watchman
Watchman


Joined: 02 May 2003
Posts: 6964

PostPosted: Wed Nov 04, 2015 2:21 pm    Post subject: Reply with quote

you mean something like that?
https://www.gentoo.org/support/news-items/2015-08-13-openssh-weak-keys.html
i mean they default disable it, so a newer version may have totally drop the option and reenable it won't works.
Back to top
View user's profile Send private message
evoweiss
Veteran
Veteran


Joined: 07 Sep 2003
Posts: 1676
Location: Edinburgh, UK

PostPosted: Wed Nov 04, 2015 2:25 pm    Post subject: Reply with quote

krinn wrote:
you mean something like that?
https://www.gentoo.org/support/news-items/2015-08-13-openssh-weak-keys.html
i mean they default disable it, so a newer version may have totally drop the option and reenable it won't works.


Ah... I didn't see that earlier, thanks. I will see whether generating a new keypair using RSA works. Somehow, I think it will.

Best,

Alex
Back to top
View user's profile Send private message
evoweiss
Veteran
Veteran


Joined: 07 Sep 2003
Posts: 1676
Location: Edinburgh, UK

PostPosted: Wed Nov 04, 2015 3:08 pm    Post subject: Reply with quote

krinn wrote:
you mean something like that?
https://www.gentoo.org/support/news-items/2015-08-13-openssh-weak-keys.html
i mean they default disable it, so a newer version may have totally drop the option and reenable it won't works.


Unfortunately, I am still having trouble. For some reason when I log in I get the following:

Code:

Enter passphrase for key '/home/X/.ssh/id_rsa':
You have new mail in folder /var/mail/X.
 * Warning: can't find /home/X/.ssh/id_dsa; skipping

 * keychain 2.8.1 ~ http://www.funtoo.org
 * Found existing ssh-agent: 2266
 * Warning: can't find /home/X/.ssh/id_rsa; skipping


My .bashrc has the following in it:

Code:

keychain ~/.ssh/id_rsa
source ${HOME}/.keychain/${HOSTNAME}-sh


I cannot seem to add keys to ssh.

Sorry for being so terse, but I am in the middle of other things. A headache doesn't help, either :-).

Best,

Alex
Back to top
View user's profile Send private message
khayyam
Watchman
Watchman


Joined: 07 Jun 2012
Posts: 6228
Location: Room 101

PostPosted: Thu Nov 05, 2015 2:44 am    Post subject: Reply with quote

evoweiss wrote:
Code:
Enter passphrase for key '/home/X/.ssh/id_rsa':
You have new mail in folder /var/mail/X.
 * Warning: can't find /home/X/.ssh/id_dsa; skipping

 * keychain 2.8.1 ~ http://www.funtoo.org
 * Found existing ssh-agent: 2266
 * Warning: can't find /home/X/.ssh/id_rsa; skipping

evoweiss ... the fact that you're asked for the pass prior to the error, and the 'found existing ssh agent', suggests that $SSH_AUTH_SOCK and $SSH_AGENT_PID are set. I'm not sure why this seems to be run twice, but I suspect you might have the same code in .bash_profile, or .bash_login, where (given that it only needs to be run for a login shell) I'd expect it to go. That not being the case then I'd suggest the following:

~/.bash_profile ... or ~/.bash_login
Code:
keychain id_rsa
[[ -n "$HOSTNAME" ]] || HOSTNAME="$(uname -n)"
[[ -f $HOME/.keychain/$HOSTNAME-sh ]] && source $HOME/.keychain/$HOSTNAME-sh

Note you'll need to start a login shell for changes to come into effect ...

Code:
$ exec bash --login
$ echo -e $SSH_AUTH_SOCK\\n$SSH_AGENT_PID

HTH & best ... khay
Back to top
View user's profile Send private message
evoweiss
Veteran
Veteran


Joined: 07 Sep 2003
Posts: 1676
Location: Edinburgh, UK

PostPosted: Fri Nov 06, 2015 10:15 am    Post subject: Reply with quote

Dear Khay,

Thanks... I was apparently making a silly mistake, likely a result of said headache and my general tiredness. All is running well now.

Best,

Alex

khayyam wrote:
evoweiss wrote:
Code:
Enter passphrase for key '/home/X/.ssh/id_rsa':
You have new mail in folder /var/mail/X.
 * Warning: can't find /home/X/.ssh/id_dsa; skipping

 * keychain 2.8.1 ~ http://www.funtoo.org
 * Found existing ssh-agent: 2266
 * Warning: can't find /home/X/.ssh/id_rsa; skipping

evoweiss ... the fact that you're asked for the pass prior to the error, and the 'found existing ssh agent', suggests that $SSH_AUTH_SOCK and $SSH_AGENT_PID are set. I'm not sure why this seems to be run twice, but I suspect you might have the same code in .bash_profile, or .bash_login, where (given that it only needs to be run for a login shell) I'd expect it to go. That not being the case then I'd suggest the following:

~/.bash_profile ... or ~/.bash_login
Code:
keychain id_rsa
[[ -n "$HOSTNAME" ]] || HOSTNAME="$(uname -n)"
[[ -f $HOME/.keychain/$HOSTNAME-sh ]] && source $HOME/.keychain/$HOSTNAME-sh

Note you'll need to start a login shell for changes to come into effect ...

Code:
$ exec bash --login
$ echo -e $SSH_AUTH_SOCK\\n$SSH_AGENT_PID

HTH & best ... khay
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum