| 1 |
On Friday 15 February 2008, Florian Philipp wrote: |
| 2 |
> On Fri, 2008-02-15 at 20:59 +0200, Alan McKinnon wrote: |
| 3 |
> > On Friday 15 February 2008, Florian Philipp wrote: |
| 4 |
|
| 5 |
> > > I can use ssh to login from DAU to NOTE but not vice versa. I've |
| 6 |
> > > played around with several settings before this happened but I'm sure |
| 7 |
> > > it worked after my last change. |
| 8 |
|
| 9 |
Since you've unmerged everything the above is probably irrelevant to the |
| 10 |
problem below. |
| 11 |
|
| 12 |
> > > Well, ultimately I've unmerged openssh, keychain and denyhosts on |
| 13 |
> > > both computers and removed /etc/ssh and .ssh in root's and the users' |
| 14 |
> > > home directories and then reemerged just openssh. |
| 15 |
|
| 16 |
Did you then run ssh-keygen on both machines? |
| 17 |
|
| 18 |
> > Ah. You probably shouldn't have done that, unless you know for a fact |
| 19 |
> > that YOU screwed the ssh config up beyond all hope of recovery. |
| 20 |
> > Usually, you just sit with the same problem anyway, or make it worse by |
| 21 |
> > removing the configs that still work |
| 22 |
|
| 23 |
Having both machines' settings would also allow for diff-ing between them, but |
| 24 |
it's all irrelevant now. |
| 25 |
|
| 26 |
> > > Yet, the situation didn't change. |
| 27 |
> > > |
| 28 |
> > > Here's what happening: |
| 29 |
> > > |
| 30 |
> > > dsl@NOTE > ssh -vvv DAU |
| 31 |
> > > |
| 32 |
> > > OpenSSH_4.7p1-hpn12v19, OpenSSL 0.9.8g 19 Oct 2007 |
| 33 |
> > > debug1: Reading configuration data /etc/ssh/ssh_config |
| 34 |
> > > debug2: ssh_connect: needpriv 0 |
| 35 |
> > > debug1: Connecting to DAU [192.168.2.4] port 22. |
| 36 |
> > > debug1: Connection established. |
| 37 |
> > > debug1: identity file /home/dsl/.ssh/identity type -1 |
| 38 |
> > > debug1: identity file /home/dsl/.ssh/id_rsa type -1 |
| 39 |
> > > debug1: identity file /home/dsl/.ssh/id_dsa type -1 |
| 40 |
> > > ssh_exchange_identification: Connection closed by remote host |
| 41 |
|
| 42 |
As I said above, have you generated new keys? If yes, you could copy public |
| 43 |
key A to the ~/.ssh/authorized_keys file and do away with the need to enter a |
| 44 |
password. It's only then that you can turn PasswordAuthentication no. |
| 45 |
|
| 46 |
Hope this helps. |
| 47 |
-- |
| 48 |
Regards, |
| 49 |
Mick |
Archives