Ssh keys problem
Andy Green
andy at warmcat.com
Tue Mar 21 11:10:06 UTC 2006
Anne Wilson wrote:
> On Tuesday 21 March 2006 10:25, Andy Green wrote:
>> Anne Wilson wrote:
>>> Warning - the authenticity of host 'borg (127.0.0.1)'... can't be
>>> established RSA key fingerprint is ......
>>> Are you sure you want to continue?
>>>
>>> Permanently added 'borg' (RSA) to the list of known hosts.
>>>
>>>
>>> It's perfectly possible that, when I made a boo-boo on transferring some
>>> files from my home directory a couple of days ago, I could have
>>> overwritten something. In fact, I think that's the most likely reason.
>>> Question is, though, how do I go about troubleshooting this? Should I
>>> delete the .ssh directory on the remote box so that I have to start
>>> afresh there?
>> Put simply, borg was not in your clientside ~/.ssh/known_hosts. When
>> you said yes, it was added. There's nothing to troubleshoot about that,
>> from now on ssh connects to borg will be checked against the signature
>> stored now in your known_hosts, silently unless borg's signature changes
>> (because it is another machine trying to fake you out, or because you
>> reinstalled the OS on borg, etc).
>>
> It's strange, though, as I had used it before.
Did you not mention some things got nuked? If you nuked
~/.ssh/known_hosts this is what you could expect.
>> When you run ssh-agent, it prints out some shell commands to set
>> environment vars. You need to make sure that the environment you run
>> ssh from has those vars in it, otherwise ssh cannot communicate with
>> ssh-agent.
>>
> I'm not sure I understand, Andy. Putting your comments together with my
> experience of gpg, are you saying that ssh-agent isn't running? If so, I
No.
> presume that I need to add it to startup scripts.
No need to be in the dark, find out if it is running, with

    ps -Af | grep ssh-agent

What I was telling you is that it does not matter if ssh-agent is
running or not, if the shell you run ssh from does not have the
environment vars spat out by ssh-agent in it, then ssh will not be able
to communicate with ssh-agent. One of the magic vars spat out by
ssh-agent is a randomly-chosen socketname that ssh-agent is listening on

    $ ssh-agent
    SSH_AUTH_SOCK=/tmp/ssh-uQXjj14171/agent.14171; export SSH_AUTH_SOCK;
    SSH_AGENT_PID=14172; export SSH_AGENT_PID;
    echo Agent pid 14172;

Notice these are just printed by ssh-agent. You should start ssh-agent
like this

    eval `ssh-agent`

to get the magic environment vars into the current shell. Apparently
you can stick that in

    /etc/X11/xinit/Xclients

and infect the shell used to start your desktop manager with the magic
vars so all of X (i.e., Konsole windows, xterms, etc) can inherit them
automatically.
-Andy
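
An added example, not part of the original message: a shell function that checks, from the shell you intend to run ssh in, whether the agent variables described above are present and whether an agent actually answers on that socket. The function name `agent_status` and its return codes are choices made for this example.

```shell
# Added example: report why ssh in THIS shell can or cannot reach ssh-agent.
# Return codes (defined by this example, not by OpenSSH):
#   0 agent reachable
#   1 SSH_AUTH_SOCK is not set in this shell
#   2 SSH_AUTH_SOCK is set but does not point at a socket
#   3 socket exists but no agent answers on it
#   4 ssh-add is not installed
agent_status() {
    # A running ssh-agent is useless to ssh unless this variable was
    # inherited or set with: eval `ssh-agent`
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo "SSH_AUTH_SOCK is not set in this shell"
        return 1
    fi

    # A stale value (agent exited, /tmp cleaned) leaves a path with no socket.
    if [ ! -S "$SSH_AUTH_SOCK" ]; then
        echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK is not a socket"
        return 2
    fi

    if ! command -v ssh-add >/dev/null 2>&1; then
        echo "ssh-add not found"
        return 4
    fi

    # ssh-add -l exits 0 when keys are listed, 1 when the agent holds
    # no identities, and 2 when it cannot contact the agent.
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0) echo "agent reachable, keys loaded"; return 0 ;;
        1) echo "agent reachable, no keys loaded (run ssh-add)"; return 0 ;;
        *) echo "socket exists but no agent answers on it"; return 3 ;;
    esac
}
```

Source the function and run `agent_status` in the same terminal where ssh fails; return code 1 in a Konsole or xterm window means the desktop session did not inherit the variables.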