[indiana-discuss] ssh problems since build 99
Chris Ridd
chrisridd at mac.com
Thu Dec 4 03:35:53 PST 2008
On 3 Dec 2008, at 16:29, Nicolas Williams wrote:
> On Tue, Dec 02, 2008 at 06:47:53PM +0000, Chris Ridd wrote:
>>> gnome-keyring 2.24.0 should be in snv_101a.
>>
>> BTW I'm still seeing the problem in 101b rc2, which AIUI is what
>> shipped as 2008.11.
>>
>> I can work around it by unsetting SSH_AUTH_SOCK before running ssh,
>> but that's obviously annoying.
>
> There are workarounds... E.g.,
>
> - move the keyring ssh auth sock out of the way, start an ssh-agent,
> and symlink the old ssh auth sock to the new one;
So one of my problems is that I've got ssh-agent fighting with the
newfangled GNOME keyring. The ssh-agent stuff is sort of historical,
so I'll stop all that and just embrace the GNOME way.
It doesn't solve the "too many failures" problem, but it seems like a
good idea.
> - move keys you don't want in the keyring out of ~/.ssh (say, to
> ~/.ssh/foo/)
Yes, that's the real workaround.
> - this mostly affects you when you ssh to non-SunSSH servers[*], so if
> you have few of those then you could just create ~/.ssh/config Host
> entries for them with the PreferredAuthentications and Identity
> param
> settings you want.
It still affects me sshing to SunSSH servers too :-(
> One workaround that does NOT work: deleting the keys you don't want
> out
> of the keyring. That bloody thing is so smart to load all the keys it
> can find, but not smart enough to let you remove the one you didn't
> want
> it to load.
Yep. The GNOME docs <http://live.gnome.org/GnomeKeyring/Ssh> describe
this, and suggest that selecting particular keys will be a feature of
the next version of GNOME keyring. Not a bug fix :-)
Cheers,
Chris
More information about the indiana-discuss
mailing list