[ILUG] ssh wierdness

[Niall O Broin]

On 24 Feb 2006, at 12:28, conor at discuskeeping.com wrote:

> 1. I have copied id_rsa.pub across to accounts (oracle) on two nodes
> 2. Testing ssh machine1 or ssh machine2 both allow access with rsa keys
> bi-directionally
> 3. ssh machine1 date
> works, no password needed.
> 4. ssh machine2 date
> prompts for the passwd.


EINCONSISTENT - you said in 2. that "ssh machine1 or ssh machine2 both 
allow access with rsa keys bi-directionally" (though I'm not sure what 
you mean by bidirectionally) but then you said in 4. that     ssh 
machine2 date  asks for a password. So can you clarify what the problem 
is, and what you want to do?

I find that very many ssh key forwarding problems are permission 
related, even when you're sure they're not :-) I also find that the ssh 
debug methods of choice are

1) ssh -v  from local to remote (but often not too helpful)

and

2) Run a debugging server on remote with

sshd -d -p 222

which will stay in the foreground.


and then from local run   ssh -p 222 remote

The output from the sshd is often most informative.

A further variant on that is to run

sshd -d -f /dev/null -p 222

which can help see if something in your sshd configuration file is 
causing grief.

> The only difference I can tell is :
>
> [root at machine2 ~]# ps -ef | grep -i ssh-agent
> oracle   30200     1  0 Feb23 ?        00:00:00 ssh-agent
> root     12106  6136  0 13:06 pts/1    00:00:00 grep -i ssh-agent
>
> [root at machine1 ~]# ps -ef | grep -i ssh-agent
> root     10188     1  0 Feb21 ?        00:00:00 /usr/bin/ssh-agent -s
> root     17188 14080  0 13:03 pts/1    00:00:00 grep -i ssh-agent

red herrings - the ssh agent you're concerned with is the one running 
on your LOCAL box. the above are ssh agents running for oracle (on 
machine2) and for root (on machine1) but they have nothing to do with 
your ssh connections from your local box.



Niall