9fans - fans of the OS Plan 9 from Bell Labs
* Re: [9fans] ssh and pcauth
       [not found] <730584430@snellwilcox.com>
@ 2003-08-29  9:29 ` steve.simon
  0 siblings, 0 replies; 3+ messages in thread
From: steve.simon @ 2003-08-29  9:29 UTC (permalink / raw)
  To: 9fans

[-- Attachment #1: Type: text/plain, Size: 729 bytes --]

I believe you must have a factotum running, it's started at boot,
so I would expect it to prompt you for a key (user & password in this case).

If this happened once and you have the wrong key
then factotum will remember them until reboot or it's
told to forget.

rob (pike) posted a neat script, delkey, a while back
to simplify the deletion of unwanted/bad keys. I don't
know why this didn't make it into the distribution.

I run a single plan9 machine so I have no secstore. In my
$user/lib/profile I have:

	echo  -n 'factotum '
	auth/aescbc -d < $home/lib/wallet | read -m > /mnt/factotum/ctl

This works similarly though less securely (someone could steal
my wallet and spend weeks cracking it).

-Steve

[-- Attachment #2: Type: message/rfc822, Size: 1386 bytes --]

From: 9fans@cse.psu.edu
To: 9fans@cse.psu.edu
Subject: [9fans] ssh and pcauth
Date: Fri, 29 Aug 2003 06:55:49 +0100
Message-ID: <730584430@snellwilcox.com>


When I boot from my new pcauth kernel, I cannot use ssh.

When I try to ssh from Plan 9 to Linux, the same connection that
previously worked now gives "ssh: client authentication failed"

In the wiki, there is a reference to copying
$home/lib/$user.secret.factotum to /mnt/factotum/ctl.  What is this
for ?  Is it for ssh'ing to the Plan 9 machine, or do I have to do it
?  I did it as user bootes and ssh still didn't work, and I did it as
another user and got a permission denied.

I can ssh just fine if I boot from the old pcdisk kernel.

I see no messages in the logs on the receiving side of the ssh.
However, if I connect to a non-existent or non-responding machine, the
ssh just times out, it doesn't give the error; and sniffing the
connection reveals some traffic does go between the computers when I
attempt and get the "ssh: client authentication failed" error.

--Rob



* Re: [9fans] ssh and pcauth
  2003-08-29  5:55 Rob Ristroph
@ 2003-08-29  6:46 ` Skip Tavakkolian
  0 siblings, 0 replies; 3+ messages in thread
From: Skip Tavakkolian @ 2003-08-29  6:46 UTC (permalink / raw)
  To: 9fans

> In the wiki, there is a reference to copying
> $home/lib/$user.secret.factotum to /mnt/factotum/ctl.  What is this
> for ?  Is it for ssh'ing to the Plan 9 machine, or do I have to do it
> ?

The wiki page says that ssh_genkey is obsolete and you should check
rsa(8).  It has a complete example.

factotum is your security agent.  It talks on your behalf when any
service asks for your credentials. Very cool, especially when used with
secstore.




* [9fans] ssh and pcauth
@ 2003-08-29  5:55 Rob Ristroph
  2003-08-29  6:46 ` Skip Tavakkolian
  0 siblings, 1 reply; 3+ messages in thread
From: Rob Ristroph @ 2003-08-29  5:55 UTC (permalink / raw)
  To: 9fans


When I boot from my new pcauth kernel, I cannot use ssh.

When I try to ssh from Plan 9 to Linux, the same connection that
previously worked now gives "ssh: client authentication failed"

In the wiki, there is a reference to copying
$home/lib/$user.secret.factotum to /mnt/factotum/ctl.  What is this
for ?  Is it for ssh'ing to the Plan 9 machine, or do I have to do it
?  I did it as user bootes and ssh still didn't work, and I did it as
another user and got a permission denied.

I can ssh just fine if I boot from the old pcdisk kernel.

I see no messages in the logs on the receiving side of the ssh.
However, if I connect to a non-existent or non-responding machine, the
ssh just times out, it doesn't give the error; and sniffing the
connection reveals some traffic does go between the computers when I
attempt and get the "ssh: client authentication failed" error.

--Rob


