9fans - fans of the OS Plan 9 from Bell Labs
From: Dworkin Muller <dlm-9fans@weaselfish.com>
To: 9fans@9fans.net
Subject: Re: [9fans] getting 9front ssh to use RSA key?
Date: Mon, 25 Jan 2021 18:37:43 -0700 (MST)
Message-ID: <20210125.183743.419956603653135590.dworkin@weaselfish.com>
In-Reply-To: <31A2AD03A3AF323CCFA1FA3FA0616133@eigenstate.org>

On Mon, 25 Jan 2021 07:52:42 -0800, ori@eigenstate.org wrote:
ori> First off, sanity check: are you running ssh in the same
ori> namespace as the factotum?
ori> 
ori> Are you using a drawterm factotum, or are you using one
ori> started from within your session?
ori> 
ori> you redacted a lot of the factotum value -- does the value in factotum
ori> have all of these fields?
ori> 
ori>         key proto=rsa service=ssh size=2048 ek=10001 n=... !dk? !p? !q? !kp? !kq? !c2?
ori> 
ori> finally, can you paste the output of 'ssh -d yoursystem'?

Apologies for the lack of detail in previous messages.  It's kind of
awkward to get transcripts when the machine doesn't want to talk to
anything else.  I've managed to get password-based ssh to work, so now
I dump to a file and transfer it over via "cat ... | ssh sh -c 'cat >
output'".  The need at this point is to get it working without
requiring password authentication enabled on the remote systems.

Taking these in order, my interpretation of what I'm doing/seeing is
(raw data is included afterwards):

- Booting as a terminal.  /env/service says ``terminal'', and I've not
  knowingly set up anything other than a terminal.
- Using the factotum started at boot.
- The terminal's running as a VM under VMware Fusion, and I'm using
  the console window provided by Fusion.  As an aside, I noticed that
  the original Plan 9 distribution knew how to play with Fusion to
  allow cut/paste, etc, but 9front doesn't; not sure how to get that
  to work - that's a problem for another time, though.
- What's in factotum appears to have all the fields you mention.
- The ssh transcript is attached.  I can do an "ssh -d -d" if you
  prefer, as well as provide the public host keys and my public key if
  that would help.  I'd rather not give the private key, but
  generating a new one's not that hard and the machines involved
  aren't externally accessible, so I can do that too if it would
  help.

I used pstree(1) just to cover all the bases regarding inheritance.
The middle of "n" from /mnt/factotum/ctl was elided simply for
readability.

Thanks much for looking at this stupid newbie problem.

Dworkin


term% pstree > foo
1           ├bootrc /bin/bootrc
3           │├pager
4           │├mouse
6           │├alarm
96          │└/amd64/init -t
295         │ └rc -c '. /rc/bin/termrc; home=/usr/$user; cd && . ./lib/profile'
455         │  └rio -i riostart
458         │   ├rio [mouseproc]
459         │   ├rio [kbdproc]
460         │   ├rio [TIMERPROC]
461         │   ├rio [WCTLPROC]
462         │   └rio [FILSYSPROC]
8           ├paqfs
10          ├mntgen
14          ├mntgen
17          ├mntgen
28          ├aoesweep
33          ├rxmitproc
35          ├#l0lproc
36          ├#l0rproc
62          ├kbdfs
63          │└kbdfs [ctlproc]
64          │ ├kbdfs [mctlproc]
65          │ ├kbdfs [scanproc]
66          │ └kbdfs [intrproc]
216         ├factotum
725         │└factotum
264         ├cwfs64x [srvo]
265         ├cwfs64x [srvi stdio]
266         ├cwfs64x [srvo]
267         ├cwfs64x [srvi #s/cwfs]
268         ├cwfs64x [con]
269         ├cwfs64x [rah]
270         ├cwfs64x [srv]
271         ├cwfs64x [srv]
272         ├cwfs64x [srv]
273         ├cwfs64x [srv]
274         ├cwfs64x [srv]
275         ├cwfs64x [srv]
276         ├cwfs64x [srv]
277         ├cwfs64x [srv]
278         ├cwfs64x [srv]
279         ├cwfs64x [srv]
280         ├cwfs64x [srv]
281         ├cwfs64x [srv]
282         ├cwfs64x [srv]
283         ├cwfs64x [srv]
284         ├cwfs64x [srv]
286         ├cwfs64x [wcp]
287         ├cwfs64x [scp]
325         ├cs [/net]
359         ├etherread4
360         ├etherread6
361         ├recvarpproc
370         ├ipconfig [dhcpwatch on /net/ether0]
376         ├dns [/net]
380         ├timesync
385         ├realemu
386         │└realemu [cpuproc]
445         ├webcookies
448         ├webfs
451         ├plumber
452         │└plumber
471         ├stats -lmisce
501         │├stats
502         │├stats
503         │└stats
483         ├rc -c '/bin/window -x cat /dev/kprint '
485         │└cat /dev/kprint
486         ├rc -c '/bin/window -x acme '
488         │└acme
497         │ ├acme [timerproc]
498         │ ├acme [mouseproc]
499         │ ├acme [kbdproc]
500         │ ├acme [plumbproc]
504         │ ├acme
505         │ └acme [acmeerrorproc]
508         ├rc -i
1418        │└pstree
514         ├#I0ilack
516         ├#I0tcpack
1417        └closeproc
1419         └closeproc


term% cat /mnt/factotum/ctl >> foo
key proto=rsa service=ssh size=2048 ek=10001 n=8DA505[...]46A9D02F !dk? !p? !q? !kp? !kq? !c2?


term% ssh -d lethe >> foo
server verison: SSH-2.0-OpenSSH_7.9 FreeBSD-20200214
kexalgs: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
hostalgs: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
cipher1: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
cipher2: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
mac1: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
mac2: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
zip1: none,zlib@openssh.com
zip2: none,zlib@openssh.com
lang1: 
lang2:
host fingerprint: GaqQLmeZje1D03tR8B78KvJOtoUJiL5Anhi3BXWXWwQ
userauth none ok
userauth none failed: partial=0, next=publickey
userauth none skipped
userauth publickey ok
userauth publickey failed: partial=0, next=publickey
userauth publickey ok
userauth password skipped
userauth keyboard-interactive skipped
ssh: auth: no key matches proto=rsa service=ssh role=client
