GitHub SSH login problem
Is anyone else suffering from the same GitHub login problem as me?
Before an update some days ago I could log in to GitHub successfully via ssh,
but now it is impossible:
when I typed the command ssh [email protected] the result looks like below:
arch@***> ssh -v [email protected] ~/software-settings
OpenSSH_5.8p1, OpenSSL 1.0.0d 8 Feb 2011
debug1: Reading configuration data /home/arch/.ssh/config
debug1: Applying options for github.com
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to github.com [207.97.227.239] port 22.
debug1: Connection established.
debug1: identity file /home/arch/.ssh/id_rsa type 1
debug1: identity file /home/arch/.ssh/id_rsa-cert type -1
debug1: identity file /home/arch/.ssh/id_dsa type 2
debug1: identity file /home/arch/.ssh/id_dsa-cert type -1
debug1: identity file /home/arch/.ssh/id_ecdsa type -1
debug1: identity file /home/arch/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 Debian-5github2
debug1: match: OpenSSH_5.1p1 Debian-5github2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.8
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client arcfour hmac-md5 [email protected]
debug1: kex: client->server arcfour hmac-md5 [email protected]
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48
debug1: Host 'github.com' is known and matches the RSA host key.
debug1: Found key in /home/arch/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/arch/.ssh/id_rsa
debug1: Remote: Forced command: gerve realfirst
debug1: Remote: Port forwarding disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Remote: Agent forwarding disabled.
debug1: Remote: Pty allocation disabled.
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: read PEM private key done: type RSA
debug1: Remote: Forced command: gerve realfirst
debug1: Remote: Port forwarding disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Remote: Agent forwarding disabled.
debug1: Remote: Pty allocation disabled.
debug1: Enabling compression at level 6.
debug1: Authentication succeeded (publickey).
Authenticated to github.com ([207.97.227.239]:22).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
PTY allocation request failed on channel 0
Can someone give me some help?
Thanks in advance!
Last edited by realfirst (2011-02-26 06:27:57)
hbekel wrote: This is normal. Github doesn't allow shell access, the important part is that you are authorized at all. So everything's fine.
Thanks for your reply. I have found that I can commit code to GitHub without any problem, although it shows the message I posted.
Similar Messages
-
Nginx client_ip in log file, with ssh -R Port forwarding
Hi, everyone!
First, I run a nginx server M1 (in my office) behind a router R1 and M1's IP addr is 192.168.5.126. I set nginx's log format like this:
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
After that, I will get the correct client ip in the access log.
192.168.5.88 - - [21/Apr/2015:11:12:47 +0800] "GET /js/date.js HTTP/1.1" 200 403 "http://192.168.5.126/" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36" "-"
Then, I want to visit M1 from outside (on the campus). Unfortunately, I can do nothing with the router R1. But I have a router R2 whose framework is OpenWrt and its IP 222.xx.xx.xx can be visited by anyone who has logged into the campus network.
Then I wrote an autossh service to do that:
[Unit]
Description=AutoSSH service for local port 80 forwarded to 222.xx.xx.xx:80
# place this in /etc/systemd/system/, then enable this.
After=network.target
Requires=nginx.service
After=nginx.service
[Service]
Environment="AUTOSSH_GATETIME=0" "AUTOSSH_POLL=60" "AUTOSSH_LOGFILE=/var/log/nginxssh.log"
ExecStart=/usr/bin/autossh -M 22000 -NR 222.xx.xx.xx:808:localhost:808 -NR 222.xx.xx.xx:80:localhost:80 -o TCPKeepAlive=yes -p xxxx [email protected] -i /home/username/.ssh/id_rsa
[Install]
WantedBy=multi-user.target
Yeah, it works! BUT when someone visits 222.xx.xx.xx, I lose the client IP in the nginx log file. It is always 127.0.0.1, why?
127.0.0.1 - - [27/Apr/2015:00:34:07 +0800] "GET /static/mathjax/MathJax.js?config=TeX-AMS_HTML HTTP/1.1" 304 0 "http://222.xx.xx.xx:808/url/jakevdp.github.com/downloads/notebooks/XKCD_plots.ipynb" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:37.0) Gecko/20100101 Firefox/37.0" "-"
After ``ssh -R Port forwarding``, client ip is lost?
If so, what should I use to replace ``ssh -R``?
Last edited by limser (2015-05-04 12:39:18)
It seems there is a port forwarding configuration problem with your modem.
When you access from the WAN or from the LAN, you don't enter your modem the same way, so the behavior is different.
It seems that port 22 of your modem is not directly forwarded to your server. The modem itself asks you for a login/password. The key-pair authentication is between laptop and server. The modem itself is not recognized during this authentication.
Don't touch your ssh-config. It's OK since it was working for months before you changed your modem. -
Seahorse keeps asking about password, even when ssh-key is used
Hi,
I want easy access to my repos on bitbucket.
I have set my id_rsa.pub in bitbucket preferences, but when I try to take any action on the repo I have to type a password.
First there is graphical popup menu to type password, when I cancel it I can type password in terminal.
error: unable to read askpass response from '/usr/lib/seahorse/seahorse-ssh-askpass'
Password for 'https://[email protected]':
I have tried setting an ssh-key for bitbucket on my raspberry pi, and it works properly (no password is needed).
I do not use Bitbucket, but I think this is similar to the issue with GitHub that I have noticed. Basically, when the url scheme of the remote is https://, I am always asked for a password, but when there is no scheme (for github this is 'remote [email protected]:XXX/XXX') (or when the scheme is ssh://, I assume), the ssh key is used.
I suggest you see whether you can use an alternate url scheme and see if it fixes the problem.
Hope this helps! -
[SOLVED] SSH, email - connection 'hangs'
Hello,
I have a problem with connections at work - it happens only at work, I tried on Arch and also Debian.
I haven't noticed it to affect 'web browsing' - it affects for sure ssh (incl. git) and sending email messages.
What happens:
About 3/4 of times I try to send an email (google account from thunderbird), or log in to one of our servers with ssh (or pull/push some code from/to github) the connection 'hangs' and nothing happens. If I try ^C and 'redo' few times I finally manage to log in.
Log from ssh (unsuccessful connection):
ssh bb5 -vvvv
OpenSSH_5.9p1, OpenSSL 1.0.0g 18 Jan 2012
debug1: Reading configuration data /home/kaczor/.ssh/config
debug1: /home/kaczor/.ssh/config line 18: Applying options for bb5
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to XXX.XXX.XXX.XXX [XXX.XXX.XXX.XXX] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/kaczor/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /home/kaczor/.ssh/id_rsa type 1
debug1: identity file /home/kaczor/.ssh/id_rsa-cert type -1
debug1: identity file /home/kaczor/.ssh/id_dsa type -1
debug1: identity file /home/kaczor/.ssh/id_dsa-cert type -1
debug1: identity file /home/kaczor/.ssh/id_ecdsa type -1
debug1: identity file /home/kaczor/.ssh/id_ecdsa-cert type -1
[-- and I can wait for ages on this --]
If the login is successful the next lines are:
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5p1 Debian-6+squeeze1
debug1: match: OpenSSH_5.5p1 Debian-6+squeeze1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug2: fd 3 setting O_NONBLOCK
My /etc/ssh/ssh_config on Arch is default (everything commented out)
~/.ssh/config has only few Host, User, entries
On Debian:
/etc/ssh/ssh_config
Host *
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no
Trying to ssh to server's IP doesn't change anything.
Any ideas how could I track where lies the problem? Or maybe I could at least make it 'retry' automatically?
Edit:
After setting timeout in ssh_config I get
Connection timed out during banner exchange
at the end of the unsuccessful connection.
Last edited by kaczor1984 (2012-04-24 15:15:17)
firecat53 wrote:
Try downgrading openssl and openssh to the previous versions. I had issues similar (but not exactly) to this. I think try openssl-1.0.0.h and openssh-5.9p1-5
Scott
On Debian the openssl is 0.9.8g-15 and openssh is 5.1p1-5
Gcool wrote: Try connecting with the "-o ConnectTimeout=60" parameter....
I've set it already in ssh_config file (see my edit). Is there any way to make ssh 'retry' a few times, because now it gives up after the first failure?
I've set ConnectionAttempts 5 but I'm not sure if it works - I'll have to give it another try on Tuesday.
mr.MikyMaus wrote: Can it be that your employer does not like encrypted traffic in his network? I could imagine an IPS system trying to decipher the connection... Try moving the server-side ssl service to a non-standard port if you can...
It is possible - however I don't know exactly how is the network 'distributed'. Maybe I'll try to change it at least at one server and give it a try.
Anyway - what about emails for example - this uses port 25 (smtp on gmail) and is experiencing the same problems (message sending lasts until timeout 8 out of 10 times).
I don't know too much about networks - maybe there is some kind of service which doesn't work properly in my network at the office. Any clues what could it be?
Most important for me is to make 'git pull' work - because it's executed automatically on those Debian boxes and if it fails they are not updated.
So solution like 'make it retry 10 times per 5 seconds' will do the job for 90% cases I think. -
GPG-AGENT "ignoring" pinentry program? wrong pinentry app for ssh-keys
Hi!
I am using gpg-agent to handle my gpg keys and wanted it to handle my ssh keys too, since it is running anyway.
it works perfectly fine with gpg keys, my pinentry program is pinentry-qt4 , upon request that window pops up for me to enter my passphrase.
as window manager i use awesome wm.
however, when i try to use my ssh key, e.g. for github, no pinentry program pops up and in xterm it looks like:
[me@mybox dotfiles]$ git push origin master
it seems that it is waiting for my passphrase input but it isn't asking for it. neither does it accept it.
when i quit my WM, i see that it executed the pinentry program directly in my tty1, to which i do not have access while running my WM.
my gpg-agent.conf:
me@mybox ~/.gnupg> cat gpg-agent.conf
default-cache-ttl 300
max-cache-ttl 7200
pinentry-program /usr/bin/pinentry-qt4
how do i get gpg-agent to respect my pinentry choice for my ssh keys as well?
thanks for your time!
I use this
$ cat /etc/kde/env/gpg-agent-startup.sh
#!/bin/sh
# see https://wiki.archlinux.org/index.php/SSH_Keys
GPG_AGENT=/usr/bin/gpg-agent
## Run gpg-agent only if not already running, and available
if [ -x "${GPG_AGENT}" ] ; then
    # check validity of GPG_SOCKET (in case of session crash)
    GPG_AGENT_INFO_FILE=${HOME}/.gpg-agent-info
    if [ -f "${GPG_AGENT_INFO_FILE}" ]; then
        # second colon-separated field of GPG_AGENT_INFO is the agent's PID
        GPG_AGENT_PID=`cat "${GPG_AGENT_INFO_FILE}" | grep GPG_AGENT_INFO | cut -f2 -d:`
        GPG_PID_NAME=`cat /proc/${GPG_AGENT_PID}/comm`
        if [ ! "x${GPG_PID_NAME}" = "xgpg-agent" ]; then
            # stale info file: the recorded PID is not a gpg-agent
            # (stdout redirected first so that stderr is silenced as well)
            rm -f "${GPG_AGENT_INFO_FILE}" >/dev/null 2>&1
        else
            GPG_SOCKET=`cat "${GPG_AGENT_INFO_FILE}" | grep GPG_AGENT_INFO | cut -f1 -d: | cut -f2 -d=`
            # the socket must exist and be owned by the current user
            if ! test -S "${GPG_SOCKET}" -a -O "${GPG_SOCKET}" ; then
                rm -f "${GPG_AGENT_INFO_FILE}" >/dev/null 2>&1
            fi
        fi
        unset GPG_AGENT_PID GPG_SOCKET GPG_PID_NAME SSH_AUTH_SOCK
    fi
    if [ -f "${GPG_AGENT_INFO_FILE}" ]; then
        # reuse the running agent: import and export its environment
        eval "$(cat "${GPG_AGENT_INFO_FILE}")"
        eval "$(cut -d= -f 1 "${GPG_AGENT_INFO_FILE}" | xargs echo export)"
        export GPG_TTY=$(tty)
    else
        eval "$(${GPG_AGENT} -s --enable-ssh-support --daemon --pinentry-program /usr/bin/pinentry-qt4 --write-env-file)"
    fi
fi
I think I could probably use the /etc/profile.d location but when I first set it up, kde was already running gpg-agent so I adapted its file. Later, I uninstalled the thing which does that in kde and just kept my own customised version.
Are you sure that your xinitrc isn't starting a second gpg-agent? -
[SOLVED] Can't push to github (openssh-askpass fails to authenticate)
Greetings
I am having trouble pushing to github. I have added my public key to github
and checked that it works using
ssh -T [email protected]
When I try to use git to do a git push origin master I get a password prompt
dialog from openssh-askpass. I tried removing openssh-askpass but it seems
there is no fallback as I get an error of it missing.
There are two dialogs that pop up and I think they don't do the same thing
even though they both ask the same thing viz "enter your ssh passphrase"
I think the first one is actually asking for my username and the second one
is the passphrase. I have tried entering "git" as a username, my github
username and my passphrase as instructed and this all fails to authenticate.
I also can't find where the logs are for openssh. I did
tail -f /var/log/*
and nothing changes while I try to log in.
Is there a configuration for git to use openssh-askpass which was added
that I missed?
Which logs should I be looking at?
Last edited by lunamystry (2012-09-07 12:26:49)
This is my solution which seems to work:
After web searching the error I got, I found that there is an environment
variable GIT_ASKPASS and SSH_ASKPASS which launch whatever you tell
them to get the passphrase.
GIT_ASKPASS is not set by default and git calls SSH_ASKPASS instead.
One of them has to be set otherwise git (and I assume ssh if SSH_ASKPASS
is not set) will not use the passphrase but will prompt for the password.
The password in my case was the github password. I installed ksshaskpass
because I am on KDE and that removed ssh_askpass and integrates with
KWallet. Here are the commands I used in case the above was not clear:
export SSH_ASKPASS=""
sudo pacman -S ksshaskpass
export GIT_ASKPASS="/usr/bin/ksshaskpass"
cd Projects/Scripts/
git push origin master
You obviously don't need the last two commands. -
Hi all,
I'm having trouble creating an ssh key in the Terminal on Snow Leopard. Here are the steps I follow:
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/.../.ssh/id_rsa): (I hit enter)
/Users/.../.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
(And then I see this message:)
open /Users/.../.ssh/id_rsa failed: Is a directory.
Saving the key failed: /Users/.../.ssh/id_rsa.
How can I bypass this error? I thought maybe the problem is that I have a previous keypair, but if so I followed the steps outlined in http://help.github.com/mac-set-up-git/ to remove the old pair before generating the new one, and I still get the same error message.
Any help would be greatly appreciated.
T
I actually fixed the problem, if anyone else comes across it: if facing this issue, when backing up and removing existing ssh keys before generating new ones, the command should be
$ cp -R id_rsa* key_backup
(Add the -R to the line in the GitHub instructions.) -
Hi,
Not sure if this is the right place to post, so I hope you can help me. Basically I am trying to set up github using the command line instructions but I am unable to do it using the Terminal. Here is a copy/paste from the terminal:
Ricardo-Sanchezs-MacBook-Pro:~ nardove$ ssh-keygen -t rsa -C "[email protected]"
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/nardove/.ssh/id_rsa):
Could not create directory '/Users/nardove/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
open /Users/nardove/.ssh/id_rsa failed: No such file or directory.
Saving the key failed: /Users/nardove/.ssh/id_rsa.
Ricardo-Sanchezs-MacBook-Pro:~ nardove$
I hope that makes sense, and here is a link to the instructions I am following
http://help.github.com/mac-key-setup/
Any help will be much appreciated!
Cheers
rS
Can you post the output of
# ls -la ~
(only interested in the .ssh directory permissions)
For reference, here's mine:
drwx------ 4 krism staff 136B Aug 5 15:44 .ssh -
Zuul - Simple two-factor authentication for SSH unless using publickey
To quote myself:
I wrote: I have a few machines I want to access using SSH. I use public keys when connecting from a trusted computer. However, I also want to access the machines from other computers using passwords. To eliminate the consequences of brute force password cracking or even stolen passwords, I have been looking for a two-factor authentication scheme to use if anything but public keys are used. The method described here lets me log in using publickeys without any further hassle, while I must enter a second, one time password delivered to my mobile phone by email if I use a password.
Comments are welcome! (Especially on a better way to figure out what authentication method the current SSH session used)
https://github.com/halhen/techsperiment … aster/zuul
Finally, this is what I was looking for. Thanks for giving the link.
-
Cdot with ssh keys for domain accounts
Has anyone on this board got ssh working with domain keys for cdot??
I use multiple keys; it is easy enough to manage them using keyring, and it means that I am able to compartmentalize them according to use case: work (which I obviously have a professional interest as well as personal in protecting) home (one for each box), and then keys for specific tasks (e.g., automated backups, access to particular services like github, mercurial etc).
This means that if one key is compromised, the others are unaffected and I can revoke the compromised key and, after cleaning up the mess as best I can, generate another and move on.
The only system I employ is to give each key a meaningful name (having multiple keys named id_{d,r}sa doesn't scale at all) and a policy of only adding the minimum necessary keys to each box's keyring; again, entering all the passphrases with any frequency helps manage this tendency.
I am also very careful about the key on my android as I see this as the most obvious risk: losing your phone is a pain; losing your phone and potentially relinquishing the key on it would be catastrophically asinine... -
I can't get in to the home machine via ssh.
What do I need to change?
I have Remote LogIn set on Sharing Prefs.
I have 22 PF'd on the router to the Mac.
I am behind a FiOS ActionTec router, FYI.
ssh [email protected]
The '-t' option has to do with using ssh in scripts where there may not be a terminal to attach to. I include it in my example because if you script this procedure, you're going to wonder why it has issues.
The '-C' option turns on data compression. For VNC it helps a small amount.
As for key-based login... SSH is secure because it uses two-factor encryption to secure the information that's sent using the protocol, that's the "secure" part of the protocol. The one weakness, however, is that if you use your regular username and password, an attacker has a relatively good chance of figuring those out using what's called a "dictionary attack" (namely, they try millions of usernames and passwords one after another until one eventually works). While that sounds slow, it is still fairly effective.
SSH, however, provides a means for you to login without using a password - and you can even disable password-based logins altogether. This involves creating a secure "key-pair" used for logging into your computer. You generate the key-pair on the remote machine that you want to authorize to connect. The public key from the pair, you append to the file ~/.ssh/authorized_keys on your home computer, and the private key you use to login (if you are on a Mac, you put it in ~/.ssh/id_rsa and it will be used automatically).
These keys are random 2 kilobit or 4 kilobit keys and would take comparatively much longer to attempt to guess (hundreds of years), and you can revoke a key for a remote system by simply removing it from the authorized key list.
See http://www.google.com/search?q=passwordless+ssh+setup -
Sshmc - control music from anywhere via SSH
SSH Music Controller
Information:
* Written in python
* Allows you to play, pause, skip forward, skip backwards, and stop a song on a remote computer
* Adjust volume on a remote computer
Screenshot:
Known bugs:
* If the song ends and goes on to the next song, the line of text that displays the current song doesn't change. A workaround is to press play.
Currently supported music players:
* ncmpcpp
Dependencies for client machine (controlling the music):
* python (official repos)
* wxpython (official repos)
Dependencies for remote machine (playing the music):
* one of the supported music players from above
Installation (this requires git):
1) First, clone the files from my github:
$ git clone git://github.com/itsbrad212/sshmc.git
2) Run the install script on the client machine as root
# ./install.sh
3) Edit /usr/share/sshmc/sshmc.py to set the IP address of the remote machine, the SSH port to use, and the user to login as
4) You're done! You should now be able to launch the application by executing the sshmc command from wherever you choose.
Configuration:
* Edit /usr/share/sshmc/sshmc.py to set the IP address of the remote machine, the SSH port to use, and the user to login as
Footnotes:
* Please report any bugs so I can fix them
* If you would like support for your music player, just ask
* I am using keychain so I am not prompted with an SSH password. I strongly recommend using this, or using a public key.
Changelog:
* Added an install script and icons (7/23/10)
* Removed need for amixer-wrapper [falconindy] (7/25/10)
Last edited by itsbrad212 (2010-07-25 19:06:53)
falconindy wrote:
A few points:
* You've left yourself hardcoded in def PlaySong. On line 91:
os.system("ssh -p 22 [email protected] 'ncmpcpp play'")
* A separate user based config file would be good to have rather than editing the script itself.
* I don't understand the need for the C wrapper on amixer when a python function would suffice to read and parse the output.
* Consider adopting, updating, and using python-mpdclient. It would allow you to do a lot more things solely in Python rather than constantly forking and calling the OS. ...I suppose at that point, you're moving towards a more full fledged MPD client.
Crap...thanks for those tips falconindy. I had removed that hardcoded portion, but I forgot to commit the changes. I'll definitely check out python-mpdclient.
Also, about the C wrapper: It's all I could find at the moment. If you, myself, or someone else could find/write something in python, I'll be happy to replace amixer-wrapper. I will most likely make a separate config file as well. This release was sort of an alpha.
Last edited by itsbrad212 (2010-07-25 17:36:20) -
Hello everyone,
I recently switched to xfce from gnome3. I use SSH keys with a passphrase for logging into my servers and github and such. Whenever I SSH'd into my network server in gnome3, a window used to popup asking me for my passphrase. I like this window, but it doesn't show up in xfce. I tried using keychain, but it always asks for the password whether I use the SSH key or not.
I also tried setting $SSH_ASKPASS to gnome-ssh-askpass.sh, but the window never pops up. The gnome-ssh-askpass package is installed.
I also tried using nm-applet to unlock the keyring after login. I have no problems with NetworkManager connecting to my wifi.
I am not using xfce4 directly, only its settings system (xfsettingsd). I am not logging into xfce4-session. My window manager is wmfs.
So, does anyone know how gnome handles this, or where I can look. I am thinking gnome-keyring, but I am not sure. I want to know why I get a window when I try to use a key in gnome..
Thank you for your time.
Last edited by demizer (2011-08-13 20:13:49)
graysky wrote: https://wiki.archlinux.org/index.php/GNOME_Keyring
Thank you for the help, but I have done that already as well. Seahorse shows my ssh key under private keys, but SSH doesn't use it:
[~]
[demizer@helium]$ ssh demizer@lithium
Enter passphrase for key '/home/demizer/.ssh/id_dsa':
Basically want to know how gnome detects this and shows a password box so I can implement that into my desktop. -
How do I disable password based login for ssh
Before upgrading to Mountain Lion I had setup my computer to allow remote login via SSH. Now that I have upgraded I can no longer login to my computer via SSH without specifying a password. How do I get back to not having to supply a password to login?
I created a user named `remotepair` and generated a RSA ssh key. I had setup password-less login to this user by adding the public keys of those who login to the ~/.ssh/authorized_keys file and the following settings in /etc/sshd_config
Protocol 2
PubkeyAuthentication yes
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
AllowUsers remotepair
I also created a question on ServerFault about other issues I have with SSH. I solved the issue by doing a PRAM reset.
Since my settings are no longer working for password-less login, how do I enable password-less login to my Mountain Lion enabled Mac?
Output for ssh -vvv [email protected]
OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /Users/jjasonclark/.ssh/config
debug1: Reading configuration data /usr/local/Cellar/openssh/5.9p1/etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to home.jjasonclark.com [50.47.10.153] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/Users/jjasonclark/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /Users/jjasonclark/.ssh/id_rsa type 1
debug1: identity file /Users/jjasonclark/.ssh/id_rsa-cert type -1
debug1: identity file /Users/jjasonclark/.ssh/id_dsa type -1
debug1: identity file /Users/jjasonclark/.ssh/id_dsa-cert type -1
debug1: identity file /Users/jjasonclark/.ssh/id_ecdsa type -1
debug1: identity file /Users/jjasonclark/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3p1 Debian-3ubuntu7
debug1: match: OpenSSH_5.3p1 Debian-3ubuntu7 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "home.jjasonclark.com" from file "/Users/jjasonclark/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /Users/jjasonclark/.ssh/known_hosts:20
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],ssh-rsa
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],ssh-rsa,[email protected],[email protected],ecd[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 125/256
debug2: bits set: 510/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 80:b1:a1:11:8f:73:3a:bf:29:04:e9:70:18:d8:d5:cd
debug3: load_hostkeys: loading entries for host "home.jjasonclark.com" from file "/Users/jjasonclark/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /Users/jjasonclark/.ssh/known_hosts:20
debug3: load_hostkeys: loaded 1 keys
debug3: load_hostkeys: loading entries for host "50.47.10.153" from file "/Users/jjasonclark/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /Users/jjasonclark/.ssh/known_hosts:20
debug3: load_hostkeys: loaded 1 keys
debug1: Host 'home.jjasonclark.com' is known and matches the RSA host key.
debug1: Found key in /Users/jjasonclark/.ssh/known_hosts:20
debug2: bits set: 475/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /Users/jjasonclark/.ssh/id_rsa (0x7fbb53c14d60)
debug2: key: /Users/jjasonclark/.ssh/github (0x7fbb53c15600)
debug2: key: /Users/jjasonclark/.ssh/id_dsa (0x0)
debug2: key: /Users/jjasonclark/.ssh/id_ecdsa (0x0)
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/jjasonclark/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Offering RSA public key: /Users/jjasonclark/.ssh/github
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /Users/jjasonclark/.ssh/id_dsa
debug3: no such identity: /Users/jjasonclark/.ssh/id_dsa
debug1: Trying private key: /Users/jjasonclark/.ssh/id_ecdsa
debug3: no such identity: /Users/jjasonclark/.ssh/id_ecdsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
[email protected]'s password:

Hi
I configured a Cisco ASA5510 firewall, but I am facing a problem with SSH login. I gave SSH for inside and outside access, but I am getting "server ... error". I enabled LOCAL for the authentication for SSH and HTTP, and I am able to access the device through HTTP using ASDM, but not able to access it from outside.
Please find the configuration.
Thanks in advance.
Regards,
Javahar
ASA Version 8.2(1)
hostname ASA5510
domain-name default.domain.invalid
enable password Nbxmt7LFbcxtLo.o encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 10.251.38.0 SAP_remote
interface Ethernet0/0
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
interface Ethernet0/1
nameif outside
security-level 0
ip address xxx.xxx.xxx.xxx 255.255.255.252
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
shutdown
no nameif
no security-level
no ip address
ftp mode passive
dns server-group DefaultDNS
domain-name default.domain.invalid
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 SAP_remote 255.255.255.128
access-list outside_cryptomap extended permit ip 192.168.1.0 255.255.255.0 SAP_remote 255.255.255.128
access-list outside_cryptomap_1 extended permit ip 192.168.1.0 255.255.255.0 SAP_remote 255.255.255.128
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any outside
asdm image disk0:/asdm-621.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 115.115.169.241 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map 1 match address outside_cryptomap_1
crypto map outside_map 1 set peer XXX.XXX.XXX.20
crypto map outside_map 1 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 2 match address outside_cryptomap
crypto map outside_map 2 set pfs group5
crypto map outside_map 2 set peer XXX.XXX.XXX.20
crypto map outside_map 2 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map interface outside
crypto isakmp enable inside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 5
lifetime 28800
http server enable
http 0.0.0.0 0.0.0.0 inside
http 0.0.0.0 0.0.0.0 outsde
ssh 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outsde
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username test1234 password /FzQ9W6s1KjC0YQ7 encrypted
username cisco1234 password 5sSb..e9ZNWMmk2e encrypted privilege 15
tunnel-group Remote-p2p-vpn type ipsec-l2l
tunnel-group Remote-p2p-vpn ipsec-attributes
pre-shared-key *
tunnel-group XXX.XXX.XXXX.20 type ipsec-l2l
tunnel-group XXX.XXX.XXXX.20 ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
message-length maximum client auto
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
prompt hostname context
Cryptochecksum:83eab0b7ae2d2d9e74f8ea0b005076ea
: end

Hi,
Did you issue the command
ASA(config)# crypto key generate rsa modulus 2048
so that you can use SSH?
EDIT: I would suggest narrowing down the source address from where you can connect to the ASA from "outside" if possible.
- Jouni
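
The suggestion to narrow the source addresses allowed on "outside" can be checked mechanically. The following is an added example, not part of the original thread and not Cisco tooling: a small Python audit of the `ssh`/`telnet`/`http` management statements in an ASA running-config. The function name `audit_mgmt_access`, the finding strings and the sample text (abridged from the configuration posted above) are assumptions of this example.

```python
import re

# Constructed sample: management-access lines abridged from the config posted above.
SAMPLE_CONFIG = """\
interface Ethernet0/0
 nameif inside
 security-level 100
interface Ethernet0/1
 nameif outside
 security-level 0
http 0.0.0.0 0.0.0.0 inside
http 0.0.0.0 0.0.0.0 outsde
ssh 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outsde
telnet 0.0.0.0 0.0.0.0 inside
"""

MGMT = re.compile(
    r"^(ssh|telnet|http)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)$")

def audit_mgmt_access(config):
    """Return (line, finding) tuples for risky or broken management statements."""
    levels, current = {}, None
    lines = [l.strip() for l in config.splitlines()]
    for line in lines:                       # pass 1: map nameif -> security-level
        if line.startswith("interface "):
            current = None
        elif line.startswith("nameif "):
            current = line.split()[1]
            levels[current] = None
        elif line.startswith("security-level ") and current:
            levels[current] = int(line.split()[1])
    findings = []
    for line in lines:                       # pass 2: check ssh/telnet/http lines
        m = MGMT.match(line)
        if not m:
            continue
        proto, net, mask, ifname = m.groups()
        if ifname not in levels:             # e.g. a misspelled nameif
            findings.append((line, "unknown interface name"))
            continue
        if proto == "telnet":
            findings.append((line, "cleartext management protocol"))
        if (net, mask) == ("0.0.0.0", "0.0.0.0") and levels[ifname] == 0:
            findings.append((line, "any source allowed on untrusted interface"))
    if not any(l.startswith("aaa authentication ssh console") for l in lines):
        findings.append(("(absent)", "no aaa authentication ssh console statement"))
    return findings
```

Run against the full posted configuration, the same function reports the `outsde` statements as referring to an interface name that no `nameif` defines, and the absence of an `aaa authentication ssh console` line.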