[SGVLUG] SSH Keys / Trusted Authentication

Sean O'Donnell sodonnell at childrensoncologygroup.org
Wed May 3 17:41:14 PDT 2006


I'm having issues getting our CVS server to 'trust' my workstation when
logging in via SSH.

A few months back, I had this all set up properly, and all was well. I
was able to login to the CVS Server via SSH w/out having to type my
password, cool. 

This makes my life MUCH easier when working w/ our cvs-centric
staging/production environment, and pushing files from dev to qa, or qa
to production, as well as the cvs tagging procedures that occur in the
process. 

This tag/push process usually prompts for a password about 3-6 times,
depending on which push is occurring.

It all worked fine until I had to change my local gid so that I could
access the NFS server, which was very similar to the recent thread by
Claude. 

I ended up changing my gid throughout my local workstation, which was a
bit of a pain @ 1st, but everything worked out ok. Well, except for the
SSH Keys / Trust issue.

Now, my uid and gid are the same on both (err, all) systems here. The
servers use LDAP to synchronously manage user accounts, but our
workstations do not. We admin our own workstations essentially, due to
our stereotypical lazy/slacker admin, who is no longer here.

Since it started having troubles after the gid change, I figured that I
simply needed to re-generate the keys, and re-upload my public keys to
the remote ssh server (cvsserv), which I did, and still no luck. =(

I spent a few hours on this w/ our (newly departed) sysadmin that day,
and his final response was 'I don't know, wtf!?!?'.

Anyhow, here are the commands used for this...

---

# mylocalhost commands
mkdir .ssh
cd ~/.ssh
ssh-keygen -t rsa1
ssh-keygen -t rsa
ssh-keygen -t dsa
ssh cvsserv

---

# cvsserv commands
mkdir .ssh
cd .ssh
scp mylocalhost:~/.ssh/*.pub .
cat identity.pub >> authorized_keys
cat id_dsa.pub id_rsa.pub >> authorized_keys2
chmod 644 authorized_keys*
rm *.pub
logout

---

This is the same exact process that I used when I had set it up
originally (with my old gid), and it worked fine back then.

After looking @ the /etc/passwd files on both systems, I noticed a
slight difference in 1 area...

# mylocalhost:/etc/passwd
myid:x:5050:5050:myid:/home/myid:/bin/bash

# cvsserv:/etc/passwd
myid:x:5050:5050::/home/myid:/bin/bash

However, I assume that missing field is simply for the 'comment' (ie:
useradd -c comment), so that wouldn't cause the problem, or??

Anyhow, any input would be much appreciated. *EOD*

Thanks,

Sean O'Donnell
Programmer Analyst (PHP)
Children's Oncology Group (COG) 
CureSearch Technology Group (CTG)

440 E. Huntinton Dr. 2nd Floor
Arcadia, CA 91066

[office] (626) 241-1752
[email] sodonnell at cogmembers.org

PGP Public Key: 0xE6A0E96C
PGP Public Key Server: http://pgp.mit.edu
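
A check that applies to key logins that stop working after a uid/gid change, as an added example that is not part of the original post: with StrictModes enabled (the sshd default), sshd ignores the key files when the home directory, ~/.ssh or the key file itself is owned by someone other than the user or root, or is writable by group or others. The function names and output format below are made up for this example.

```shell
#!/bin/sh
# Added example: mirror the ownership/mode test sshd applies under StrictModes
# to the home directory, ~/.ssh and the authorized_keys file(s).

# path_is_safe PATH UID -> 0 if PATH is owned by UID or root and is not
# writable by group or others; 1 otherwise. A one-line reason is printed.
path_is_safe() {
    p=$1 want_uid=$2
    [ -e "$p" ] || { echo "MISSING  $p"; return 1; }
    # ls -ldn prints: mode links uid gid ... (numeric ids)
    set -- $(ls -ldn "$p")
    mode=$1 owner=$3
    if [ "$owner" != "$want_uid" ] && [ "$owner" != 0 ]; then
        echo "OWNER    $p is owned by uid $owner, expected $want_uid or 0"
        return 1
    fi
    # Characters 6 and 9 of the mode string are the group/other write bits.
    gw=$(printf '%s' "$mode" | cut -c6)
    ow=$(printf '%s' "$mode" | cut -c9)
    if [ "$gw" = w ] || [ "$ow" = w ]; then
        echo "MODE     $p is $mode (group or other writable)"
        return 1
    fi
    echo "OK       $p ($mode uid=$owner)"
    return 0
}

# check_key_paths HOME_DIR UID -> exit status is the number of failing paths.
check_key_paths() {
    home=$1 uid=$2 bad=0
    for f in "$home" "$home/.ssh" \
             "$home/.ssh/authorized_keys" "$home/.ssh/authorized_keys2"; do
        # Either key file may be absent; the directories may not.
        case $f in
            */authorized_keys*) [ -e "$f" ] || continue ;;
        esac
        path_is_safe "$f" "$uid" || bad=$((bad + 1))
    done
    return "$bad"
}

# On the server, as the login user:
#   check_key_paths "$HOME" "$(id -u)"
```

Running sshd in debug mode or reading the server's auth log shows the same condition as a "bad ownership or modes" message when this check fails.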
