Ssh keys problem

Andy Green andy at warmcat.com
Tue Mar 21 11:10:06 UTC 2006


Anne Wilson wrote:
> On Tuesday 21 March 2006 10:25, Andy Green wrote:
>> Anne Wilson wrote:
>>> Warning - the authenticity of host 'borg (127.0.0.1)'... can't be
>>> established RSA key fingerprint is ......
>>> Are you sure you want to continue?
>>>
>>> Permanently added 'borg' (RSA) to the list of known hosts.
>>>
>>>
>>> It's perfectly possible that, when I made a boo-boo on transferring some
>>> files from my home directory a couple of days ago, I could have
>>> overwritten something.  In fact, I think that's the most likely reason. 
>>> Question is, though, how do I go about troubleshooting this?  Should I
>>> delete the .ssh directory on the remote box so that I have to start
>>> afresh there?
>> Put simply, borg was not in your clientside ~/.ssh/known_hosts.  When
>> you said yes, it was added.  There's nothing to troubleshoot about that,
>> from now on ssh connects to borg will be checked against the signature
>> stored now in your known_hosts, silently unless borg's signature changes
>> (because it is another machine trying to fake you out, or because you
>> reinstalled the OS on borg, etc).
>>
> It's strange, though, as I had used it before.

Did you not mention some things got nuked?  If you nuked 
~/.ssh/known_hosts this is what you could expect.

>> When you run ssh-agent, it prints out some shell commands to set
>> environment vars.  You need to make sure that the environment you run
>> ssh from has those vars in it, otherwise ssh cannot communicate with
>> ssh-agent.
>>
> I'm not sure I understand, Andy.  Putting your comments together with my 
> experience of gpg, are you saying that ssh-agent isn't running?  If so, I 

No.

> presume that I need to add it to startup scripts.

No need to be in the dark, find out if it is running, with

ps -Af | grep ssh-agent

What I was telling you is that it does not matter if ssh-agent is 
running or not, if the shell you run ssh from does not have the 
environment vars spat out by ssh-agent in it, then ssh will not be able 
to communicate with ssh-agent.  One of the magic vars spat out by 
ssh-agent is a randomly-chosen socketname that ssh-agent is listening on

$ ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-uQXjj14171/agent.14171; export SSH_AUTH_SOCK;
SSH_AGENT_PID=14172; export SSH_AGENT_PID;
echo Agent pid 14172;

Notice these are just printed by ssh-agent.  You should start ssh-agent 
like this

eval `ssh-agent`

to get the magic environment vars into the current shell.  Apparently 
you can stick that in

/etc/X11/xinit/Xclients

and infect the shell used to start your desktop manager with the magic 
vars so all of X (ie, Konsole windows, xterms, etc) can inherit them 
automatically.

-Andy
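
An added example, not part of the original message: a small check of whether the current shell actually carries the ssh-agent variables described above and whether they still point at a live agent. The function names agent_env_status and agent_hint are hypothetical helpers, not OpenSSH commands.

```shell
#!/bin/sh
# Added example. Diagnoses why ssh in THIS shell cannot talk to ssh-agent,
# using only the two variables ssh-agent prints: SSH_AUTH_SOCK, SSH_AGENT_PID.

# Prints one of: unset | stale | dead | ok   (exit status 1 | 2 | 3 | 0)
agent_env_status() {
    # ssh-agent was run without eval, or in some other shell: nothing inherited.
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo "unset"
        return 1
    fi
    # Variable is set but the path is not a socket: the agent has exited,
    # or the value was copied from an old session.
    if [ ! -S "$SSH_AUTH_SOCK" ]; then
        echo "stale"
        return 2
    fi
    # Socket exists. If a PID was exported too, confirm the process is alive.
    # (SSH_AGENT_PID may be absent, e.g. with a forwarded agent; then skip.)
    if [ -n "${SSH_AGENT_PID:-}" ] && ! kill -0 "$SSH_AGENT_PID" 2>/dev/null; then
        echo "dead"
        return 3
    fi
    echo "ok"
    return 0
}

# Maps the status to what to do next.
agent_hint() {
    case "$(agent_env_status)" in
        unset) echo 'no agent variables in this shell; run: eval `ssh-agent`' ;;
        stale) echo "SSH_AUTH_SOCK points at a missing socket; start a new agent" ;;
        dead)  echo "SSH_AGENT_PID is not running; start a new agent" ;;
        ok)    echo "agent reachable at $SSH_AUTH_SOCK" ;;
    esac
}
```

Source the file and run agent_hint in the Konsole or xterm where ssh is failing; the result is per shell, which is why a running agent found with ps can still be unreachable.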
