9fans - fans of the OS Plan 9 from Bell Labs
From: Richard Miller <9fans@hamnavoe.com>
To: lucio@proxima.alt.za, 9fans@9fans.net
Subject: Re: [9fans] SSH server
Date: Fri, 27 Nov 2009 10:00:18 +0000
Message-ID: <d647b5ee08eac1f29f7d9715c6356dbd@hamnavoe.com>
In-Reply-To: <5b114e608367579fc3e933950ff31eb5@proxima.alt.za>

> The failure mode was reported as a missing "service=sshserve" key in
> factotum, whereas it seems to have been a file access (permissions?)
> problem (none can't get where eve can).  That none can Bopen()
> /mnt/factotum/ctl but can't read its contents is also a bit strange.

Reading /mnt/factotum/ctl only gives you the keys you are allowed to use.

factotum(4) says:

          The factotum owner can use any key stored by factotum.  Any
          key may have one or more owner attributes listing the users
          who can use the key as though they were the owner.  For
          example, the TLS and SSH host keys on a server often have an
          attribute owner=* to allow any user (and in particular,
          `none') to run the TLS or SSH server-side protocol.

Therefore the example in ssh(1) for generating a key should say:

	auth/rsagen -t 'service=sshserve owner=*' >/mnt/factotum/ctl
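
The rule quoted from factotum(4) above, as a simplified Python model added here for illustration (not factotum's code and not part of the original message). It shows why a server running as `none` sees no `service=sshserve` key until the key carries `owner=*`. The key lines, the host owner name `bootes` and all function names are constructed assumptions.

```python
# Simplified model of the factotum(4) key-use rule; not factotum's own code.
import shlex

def parse_key(line):
    """Split a 'key attr=value ...' line into (attr, value) pairs.
    Pairs rather than a dict: a key may carry several owner attributes."""
    words = shlex.split(line)
    if not words or words[0] != "key":
        raise ValueError("not a key line: %r" % line)
    return [tuple(w.split("=", 1)) if "=" in w else (w, "") for w in words[1:]]

def may_use(key, user, factotum_owner):
    """The factotum owner may use any key; anyone else needs a matching
    owner attribute, where owner=* matches every user, including none."""
    if user == factotum_owner:
        return True
    owners = [value for attr, value in key if attr == "owner"]
    return "*" in owners or user in owners

def visible_keys(lines, user, factotum_owner):
    """Model of what reading the ctl file returns for a given user."""
    return [k for k in map(parse_key, lines) if may_use(k, user, factotum_owner)]

def find_service(lines, service, user, factotum_owner):
    """What a server running as `user` finds when it looks for a service key."""
    return [k for k in visible_keys(lines, user, factotum_owner)
            if ("service", service) in k]

# Constructed sample keys; the secret part is shown elided as !dk?.
WITHOUT_OWNER = ["key proto=rsa service=sshserve size=2048 !dk?"]
WITH_OWNER = ["key proto=rsa service=sshserve owner=* size=2048 !dk?"]

if __name__ == "__main__":
    for label, keys in (("no owner attr", WITHOUT_OWNER), ("owner=*", WITH_OWNER)):
        for user in ("bootes", "none"):
            found = find_service(keys, "sshserve", user, "bootes")
            print(f"{label:14} user={user:7} sshserve keys visible: {len(found)}")
```

In the model, the key without an owner attribute exists but is invisible to `none`, which is indistinguishable from a missing key from the server's point of view.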
