[SGVLUG] SSH Keys / Trusted Authentication

Sean O'Donnell sodonnell at childrensoncologygroup.org
Wed May 3 19:55:43 PDT 2006


I'm sorry all, I must apologize for this comment...

"We admin our own workstations essentially, due to our stereotypical lazy/slacker admin, who is no longer here." 

I meant to add a "*J\k* =)" at the end, that came out all wrong. =/

Anyhow...

[claude] "What exactly do you mean by "trust"?  What kind of errors are you getting?" 

No errors, just a password prompt. =/

[claude] "So just to be clear here, you mean once you got ssh keys working, you
weren't having to enter your password each time?"

correct

[claude] "yuppers, i elected to do the same.   Changed both my linux uid and gid
to match my solaris uid but my solaris gid is 25!   Looking at
/etc/group on my linux box, 25 is not in use but 24 is utmp and the
next is usb at 43.  Does anyone know what kind of problem I may run
into if I change my linux gid to 25?"

you may have to chgrp your files, which I assume would assign it the new gid(int), even though the gid(str) is the same, although I'm just guessing, so I'm probably wrong. =)

[claude] "your uid and gid are the same or do you mean your Linux uid matches your Solaris uid and your Linux gid matches your Solaris gid? I believe most Linux distros now create a dedicated group id that matches your user id since this makes it easier to manage group access."

The CVS/SSH server is running on Debian, and my workstation is running Slackware. The LDAP Server is running on Redhat.

My co-worker who is running on Gentoo has the same prob, although he has never been able to get it to work, whereas I was before the gid change. 

I believe Gentoo and Redhat do match the uid with a dedicated gid, but Slackware doesn't (by default).

[claude] "one of the suggestions i got was to set the setgid bit on my
directories so that whenever i create a file (or directory), the group
permission will be of the parent directory.   i'm considering this as
a work around so i don't have to redo my gid on my linux box yet
again."

hmm... haven't tried that.

[claude] "something else could have changed.  Have you tried logging in via ssh
with verbose mode to see if there are any warnings or errors?"

no warnings or errors, it just gets to the password method and then prompts. =/

debug1: Next authentication method: password
myid at mylocalhost's password: (prompt)

[claude] "btw, I've been playing with lincvs which is a gui frontend for cvs that
supports ssh.  does pretty side-by-side diffs with various cvs
revisions.  check it out."

nice, does it support tagging and log analysis? 

I'm currently using a perl script for doing automated deployments to multiple servers. It's a bit archaic, but it saves a lot of repetitious clicks and typing. =)

Thanks!

Sean O'Donnell
Programmer Analyst (PHP)
Children's Oncology Group (COG)
CureSearch Technology Group (CTG)

440 E. Huntinton Dr. 2nd Floor
Arcadia, CA 91066

[office] (626) 241-1752
[email] sodonnell at cogmembers.org
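
Added example, not part of the original message: when key authentication silently falls through to the password prompt after a uid/gid change, one thing worth checking is whether the account's home directory, ~/.ssh and authorized_keys still pass the ownership and mode checks OpenSSH's sshd applies when StrictModes is enabled (its default). The function names and the sample home directory below are hypothetical and constructed for the illustration.

```python
import os
import stat
import tempfile

def strictmodes_problems(home, uid):
    """List reasons sshd (StrictModes yes) would ignore this account's authorized_keys."""
    problems = []
    targets = [home,
               os.path.join(home, ".ssh"),
               os.path.join(home, ".ssh", "authorized_keys")]
    for path in targets:
        try:
            st = os.stat(path)
        except FileNotFoundError:
            problems.append(f"{path}: missing")
            continue
        # sshd accepts only paths owned by the account itself or by root.
        if st.st_uid not in (uid, 0):
            problems.append(f"{path}: owned by uid {st.st_uid}, expected {uid}")
        # Group- or world-writable paths are rejected, whichever group owns them.
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            mode = stat.S_IMODE(st.st_mode)
            problems.append(f"{path}: mode {mode:04o} is group/world-writable")
    return problems

def build_sample_home(group_writable_home):
    """Constructed sample: a throwaway home directory holding a placeholder key."""
    home = tempfile.mkdtemp()
    ssh_dir = os.path.join(home, ".ssh")
    os.mkdir(ssh_dir)
    os.chmod(ssh_dir, 0o700)
    keys = os.path.join(ssh_dir, "authorized_keys")
    with open(keys, "w") as fh:
        fh.write("ssh-ed25519 AAAA-constructed-placeholder user@example\n")
    os.chmod(keys, 0o600)
    # A umask of 002 (common with per-user groups) leaves the home directory 0775.
    os.chmod(home, 0o775 if group_writable_home else 0o755)
    return home

if __name__ == "__main__":
    for group_writable in (False, True):
        home = build_sample_home(group_writable)
        print(group_writable, strictmodes_problems(home, os.getuid()))
```

Run it on the server side against the real home directory and the account's numeric uid; an empty list means these particular checks are not what is rejecting the key.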