Re: ssh & X11 Authentication Issue - Advice Please
Anonymous coward <trevor@yarde.com> writes:
>>Anonymous coward <trevor@yarde.com> writes: I have to admit that is
>>funny =)
>
>>I would first check /etc/ssh/sshd_config in `aspen', and see if
>>"ChallengeResponseAuthentication" is enabled.
>
>I made this change in my $home/.ssh/config file. If I am not mistake,
>I am fairly new to this ssh stuff, this would be my user config that
>would take presidence over my system wide settings.
>
>$home/.ssh/config
>ForwardAgent yes
>ForwardX11 yes
>ChallengeResponseAuthentication yes <-- I just entered this - no
>noticable change
Hi there.
What I really meant was to check if ChallengeResponseAuthentication was
enabled in the _server_ config, usually /etc/ssh/sshd_config (note the
"d"). ~/.ssh/config is read only by your ssh client, on the machine
which starts the connection (and overrides /etc/ssh/ssh_config, IIRC).
If the server has it disabled, you can fiddle for ages with your user
settings without change ;-)
>Chris,
>I also made a change and added the 'PasswordAuthenticaton no', for
>testing. At this point I can get to the 1st server, but then I am
>denied access to the other servers. This has me thinking that maybe my
>keys are botched up a bit ? Maybe I need to start from scratch on
>setting this up.. or perhals simply add more keys..
I don't think so. If your setup was workin with server A but not with B,
I'll rather check:
- Vendor (SSH/OpenSSH) and version (2.x.y, 3.z.w, etc) of sshd in each
server.
- ssh server config's differences between A and B; this includes
* enabled authentication methods
* SSH protocol version (1 and/or 2) enabled
- If possible, sshd's logs of connection attempts to A and B (note:
server logs, you'll need superuser privileges for this)
>X11 forwarding is not the problem, this is for X... correct ? the
>authentication issue.. that is bothering me is the password
>prompting.. That would be key related .. ??
Exactly. You can have (or not) X11 forwarding regardless of the
authentication method being used. Compression is (almost always) nice
also :-)
--
Cristian Gutierrez http://www.dcc.uchile.cl/~crgutier
crgutier[@]dcc.uchile.cl Jabber:crgutier@jabber.org
"Profanity is the one language all programmers know best."
Reply to: