[indiana-discuss] ssh problems since build 99
Nicolas Williams
Nicolas.Williams at sun.com
Wed Dec 3 08:29:40 PST 2008
On Tue, Dec 02, 2008 at 06:47:53PM +0000, Chris Ridd wrote:
> > gnome-keyring 2.24.0 should be in snv_101a.
>
> BTW I'm still seeing the problem in 101b rc2, which AIUI is what
> shipped as 2008.11.
>
> I can work around it by unsetting SSH_AUTH_SOCK before running ssh,
> but that's obviously annoying.
There are workarounds... E.g.,
- move the keyring ssh auth sock out of the way, start an ssh-agent,
and symlink the old ssh auth sock to the new one;
- move keys you don't want in the keyring out of ~/.ssh (say, to
~/.ssh/foo/)
- this mostly affects you when you ssh to non-SunSSH servers[*], so if
you have few of those then you could just create ~/.ssh/config Host
entries for them with the PreferredAuthentications and Identity param
settings you want.
One workaround that does NOT work: deleting the keys you don't want out
of the keyring. That bloody thing is so smart to load all the keys it
can find, but not smart enough to let you remove the one you didn't want
it to load.
[*] SunSSH sshd has separate max tries parameters for "initial"
(password and keyboard-interactive) and non-initial authentication
(hostbased, pubkey, gssapi-keyex, gssapi-with-mic).
Other servers have a single such max authentication attempts
parameter, and they tend to default to very low values. E.g., the
sshd in our ILOMs. So this GNOME keyring issue tends to bite one
when accessing ILOMs.
Nico
--
More information about the indiana-discuss
mailing list