From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID:
To: lucio@proxima.alt.za, 9fans@9fans.net
From: Richard Miller <9fans@hamnavoe.com>
Date: Fri, 27 Nov 2009 10:00:18 +0000
In-Reply-To: <5b114e608367579fc3e933950ff31eb5@proxima.alt.za>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Subject: Re: [9fans] SSH server
Topicbox-Message-UUID: a3a2b0da-ead5-11e9-9d60-3106f5b1d025

> The failure mode was reported as a missing "service=sshserve" key in
> factotum, whereas it seems to have been a file access (permissions?)
> problem (none can't get where eve can). That none can Bopen()
> /mnt/factotum/ctl but can't read its contents is also a bit strange.

Reading /mnt/factotum/ctl only gives you the keys you are allowed to use.
factotum(4) says:

    The factotum owner can use any key stored by factotum.
    Any key may have one or more owner attributes listing
    the users who can use the key as though they were the
    owner. For example, the TLS and SSH host keys on a
    server often have an attribute owner=* to allow any user
    (and in particular, `none') to run the TLS or SSH
    server-side protocol.

Therefore the example in ssh(1) for generating a key should say:

    auth/rsagen -t 'service=sshserve owner=*' >/mnt/factotum/ctl