From mboxrd@z Thu Jan 1 00:00:00 1970 From: Sam To: <9fans@cse.psu.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Subject: [9fans] factotum/ssh issue Date: Mon, 11 Nov 2002 09:43:23 -0500 Topicbox-Message-UUID: 1a06bda8-eacb-11e9-9e20-41e7f4b1d025 Hola, We finally stopped working long enough to upgrade to 4e last week and I have to admit, the first time I was auto-login'd to a remote unix box after having stored the key in factotum I was exuberant. I have a minor nitpick, though. When I ssh'd into a unix box for the first time I was prompted to add the key (not real security, but good enough for me), then I was asked for the password to the machine. My trigger happy finger decided to hit enter, thereby entering a nil password and failing to authenticate. Further attempts to ssh into the machine failed because factotum stored the incorrect password. I needed to become accustomed to key management with factotum anyway, but it still seems improper to store the password if password authentication fails. I looked at removing the server key if ssh password authentication fails, but there doesn't seem to be an rpc mechanism in factotum to do this. Cheers, Sam