* Re: [9fans] ssh and pcauth
[not found] <730584430@snellwilcox.com>
@ 2003-08-29 9:29 ` steve.simon
0 siblings, 0 replies; 3+ messages in thread
From: steve.simon @ 2003-08-29 9:29 UTC (permalink / raw)
To: 9fans
[-- Attachment #1: Type: text/plain, Size: 729 bytes --]
I beleive you must have a factotum running, its started at boot,
so I would expect it to prompt you for a key (user & password in this case).
If this happened once and you have the wrong key
then factotum will rembember them until reboot or its
told to forget.
rob (pike) posted a neat script, delkey, a while back
to simplify the deletion of unwanted/bad keys. I don't
know why this didn't make it into the distribution.
I run a simgle plan9 machine so I have no secstore. In my
$user/lib/profile I have:
echo -n 'factotum '
auth/aescbc -d < $home/lib/wallet | read -m > /mnt/factotum/ctl
This works similarly though less securely (somone could steal
my wallet and spend weeks cracking it).
-Steve
[-- Attachment #2: Type: message/rfc822, Size: 1386 bytes --]
From: 9fans@cse.psu.edu
To: 9fans@cse.psu.edu
Subject: [9fans] ssh and pcauth
Date: Fri, 29 Aug 2003 06:55:49 +0100
Message-ID: <730584430@snellwilcox.com>
When I boot from my new pcauth kernel, I cannot use ssh.
When I try to ssh from Plan 9 to Linux, the same connection that
previously worked now gives "ssh: client authentication failed"
In the wiki, there is a reference to copying
$home/lib/$user.secret.factotum to /mnt/factotum/ctl. What is this
for ? Is it for ssh'ing to the Plan 9 machine, or do I have to do it
? I did it as user bootes and ssh still didn't work, and I did it as
another user and got a permission denied.
I can ssh just fine if I boot from the old pcdisk kernel.
I see no messages in the logs on the receiving side of the ssh.
However, if I connect to a non-existent or non-responding machine, the
ssh just times out, it doesn't give the error; and sniffing the
connection reveals some traffic does go between the computers when I
attempt and get the "ssh: client authenticaion failed" error.
--Rob
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [9fans] ssh and pcauth
2003-08-29 5:55 Rob Ristroph
@ 2003-08-29 6:46 ` Skip Tavakkolian
0 siblings, 0 replies; 3+ messages in thread
From: Skip Tavakkolian @ 2003-08-29 6:46 UTC (permalink / raw)
To: 9fans
> In the wiki, there is a reference to copying
> $home/lib/$user.secret.factotum to /mnt/factotum/ctl. What is this
> for ? Is it for ssh'ing to the Plan 9 machine, or do I have to do it
> ?
The wiki page says that ssh_genkey is obsolete and you should check
rsa(8). It has a complete example.
factotum is your security agent. It talks on your behalf when any
service asks for your credentials. Very cool, espcially when used with
secstore.
^ permalink raw reply [flat|nested] 3+ messages in thread
* [9fans] ssh and pcauth
@ 2003-08-29 5:55 Rob Ristroph
2003-08-29 6:46 ` Skip Tavakkolian
0 siblings, 1 reply; 3+ messages in thread
From: Rob Ristroph @ 2003-08-29 5:55 UTC (permalink / raw)
To: 9fans
When I boot from my new pcauth kernel, I cannot use ssh.
When I try to ssh from Plan 9 to Linux, the same connection that
previously worked now gives "ssh: client authentication failed"
In the wiki, there is a reference to copying
$home/lib/$user.secret.factotum to /mnt/factotum/ctl. What is this
for ? Is it for ssh'ing to the Plan 9 machine, or do I have to do it
? I did it as user bootes and ssh still didn't work, and I did it as
another user and got a permission denied.
I can ssh just fine if I boot from the old pcdisk kernel.
I see no messages in the logs on the receiving side of the ssh.
However, if I connect to a non-existent or non-responding machine, the
ssh just times out, it doesn't give the error; and sniffing the
connection reveals some traffic does go between the computers when I
attempt and get the "ssh: client authenticaion failed" error.
--Rob
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2003-08-29 9:29 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <730584430@snellwilcox.com>
2003-08-29 9:29 ` [9fans] ssh and pcauth steve.simon
2003-08-29 5:55 Rob Ristroph
2003-08-29 6:46 ` Skip Tavakkolian
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).