Hi all,

I've asked this question before, but I was never able to fix the problem, and now it's back again and I'd like to try and resolve it.

I have an authorized_keys file with about twenty keys, most of which are prefaced with command="/usr/bin/rsync ...". If I put my host key at the top of the authorized_keys file, I can connect without a problem. If it gets put near the bottom, ssh seems to pick an arbitrary key, accepts my passphrase, and starts to run one of the rsync commands.

One of the thoughts was that because many of the hosts are running openssh-2.3 and not the latest. If it's likely this is the problem, I'll upgrade them all, but there are a lot of hosts, and I'd rather not do it if it isn't necessary..

Other ideas, perhaps?

Thanks,
Dave

On Sat, Dec 01, 2001 at 12:32:22AM -0500, Dave Wreski <dave@nic.com> wrote:
| I have an authorized_keys file with about twenty keys, most of which are
| prefaced with command="/usr/bin/rsync ...". If I put my host key at the
| top of the authorized_keys file, I can connect without a problem. If it
| gets put near the bottom, ssh seems to pick an arbitrary key, accepts my
| passphrase, and starts to run one of the rsync commands.

If it's what I suspect, answer these questions:

Are all the keys different? (You have to say "yes" here.)

Are you using an ssh-agent at the calling end? (You want "no" here, and a "-i keyfile" in the ssh call.)

This is, to my mind, a great failing in ssh: if you have an agent then the -i option is as good as ignored - any keys in the agent will still be considered for use in the connection.

To this end I have a script called nphssh here:

http://www.zip.com.au/~cs/css/index.html#s-ssh

that I use for this kind of thing. You need to get no-ssh-agent as well from the same page.

Basically you want to run the ssh for the specific key _with_ a -i and _without_ an ssh-agent in its environment, thus these wrappers.

Cheers,
--
Cameron Simpson, DoD#743 cs@zip.com.au http://www.zip.com.au/~cs/

If you lie to the compiler, it will get its revenge. - Henry Spencer

>Hi all,
>
>I've asked this question before, but I was never able to fix the problem,
>and now it's back again and I'd like to try and resolve it.
>
>I have an authorized_keys file with about twenty keys, most of which are
>prefaced with command="/usr/bin/rsync ...". If I put my host key at the
>top of the authorized_keys file, I can connect without a problem. If it
>gets put near the bottom, ssh seems to pick an arbitrary key, accepts my
>passphrase, and starts to run one of the rsync commands.
>
>One of the thoughts was that because many of the hosts are running
>openssh-2.3 and not the latest. If it's likely this is the problem, I'll
>upgrade them all, but there are a lot of hosts, and I'd rather not do it
>if it isn't necessary..
>
>Other ideas, perhaps?
>
>Thanks,
>Dave

Well, I read here that it "accepts your passphrase" - how does this work, then? If you use keys, you need no passphrase - if you use passwords, it won't do the commands in ~/.ssh/authorized_keys2.

And to turn off the agent as Cameron Simpson told previously, it's sufficient to clear the environment variable SSH_AUTH_SOCK (at least on UNIX).

Hope that helps!

Regards,
Phil
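
Added example, not part of the original thread: a Python sketch that parses an authorized_keys file and reports which entry, and therefore which forced command, a connection lands on for a given sequence of offered keys. The sample file, key blobs and rsync arguments are constructed, and the agent's keys being offered ahead of the -i key is an assumption following the diagnosis in the replies.

```python
import re

KEYTYPE = re.compile(r"^(ssh-|ecdsa-|sk-)")

def split_options(line):
    """Split the leading options field off: it ends at the first blank outside quotes."""
    in_quote, i = False, 0
    while i < len(line):
        if in_quote and line.startswith('\\"', i):
            i += 2                      # escaped quote inside command="..."
            continue
        if line[i] == '"':
            in_quote = not in_quote
        elif line[i] in " \t" and not in_quote:
            return line[:i], line[i:].strip()
        i += 1
    return line, ""

def parse_authorized_keys(text):
    """Return one dict per protocol 2 key line: line number, key blob, forced command."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line, options = raw.strip(), ""
        if not line or line.startswith("#"):
            continue
        if not KEYTYPE.match(line):
            options, line = split_options(line)
        fields = line.split()
        if len(fields) < 2 or not KEYTYPE.match(fields[0]):
            continue                    # not a key line this sketch understands
        m = re.search(r'command="((?:\\"|[^"])*)"', options)
        entries.append({"line": lineno, "blob": fields[1],
                        "command": m.group(1) if m else None})
    return entries

def first_match(entries, offered):
    """Model the server side: the first offered key found in the file wins, with its options."""
    return next((e for blob in offered for e in entries if e["blob"] == blob), None)

# Constructed sample file and key blobs (placeholders, not real keys).
SAMPLE = '''command="/usr/bin/rsync --server --sender . /srv/a",no-pty ssh-rsa AAAAconstructedBACKUP1 backup@hosta
command="/usr/bin/rsync --server --sender . /srv/b",no-pty ssh-rsa AAAAconstructedBACKUP2 backup@hostb
ssh-rsa AAAAconstructedADMIN dave@workstation
'''
ENTRIES = parse_authorized_keys(SAMPLE)
AGENT_KEYS, IDENTITY = ["AAAAconstructedBACKUP2"], "AAAAconstructedADMIN"
with_agent = first_match(ENTRIES, AGENT_KEYS + [IDENTITY])   # agent keys assumed offered first
without_agent = first_match(ENTRIES, [IDENTITY])             # SSH_AUTH_SOCK cleared, -i only
```

With the agent's key in play the session is bound to the rsync forced command on line 2; with only the -i key offered it reaches the unrestricted entry on line 3.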