Re: Prompted for password even though ssh keys are setup

Tue, 29 Aug 2006 02:03:50 -0700

(Since Greg's intention was to send this to the list, I reply to the entire message) 

Greg Thomas wrote:

On 8/26/06, Alexander Hall <[EMAIL PROTECTED]> wrote:

Greg Thomas wrote:

> [EMAIL PROTECTED] sudo test.sh

> debug1: identity file /root/.ssh/identity type -1
> debug1: identity file /root/.ssh/id_rsa type -1
> debug1: identity file /root/.ssh/id_dsa type -1

> debug1: Offering public key: /home/ethant/.ssh/id_rsa

I cannot reproduce this behaviour. I would say strange, but I bet it is
documented in the man pages somewhere (environment variables? file
permissions? Host-based authentication?).

I've tested on 3.8, 3.9 snapshot (May 3) and 4.0 snapshot (Jul 31).

Can you show the contents of test.sh, from corn?



It's pretty simple right now:

[EMAIL PROTECTED] cat test.sh
#!/bin/sh
/sbin/dump -1auf - /dev/rwd0a | gzip | \
  ssh -v [EMAIL PROTECTED] "cat > /laptops/corn/$(date "+%Y%m%d")_root1.dump.gz

[EMAIL PROTECTED] env
_=/usr/bin/env
[EMAIL PROTECTED](hostname -s)#
PATH=/home/ethant/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/X11R6/bin:/usr/games:/usr/local/jdk-1.4.2/bin:/home/ethant/bin:. 
SHELL=/bin/ksh
USER=ethant
DISPLAY=:0.0
HOME=/home/ethant
SSH_AUTH_SOCK=/tmp/ssh-TSTIJ24278/agent.24278
WMAKER_BIN_NAME=wmaker
SSH_AGENT_PID=19687
TERM=xterm
WRASTER_COLOR_RESOLUTION0=4
WINDOWID=16777230
LOGNAME=ethant
As Darren Tucker pointed out, the SSH_AGENT_PID would not be set by the sshd agent forwarding.
However, if you are running X, /etc/X11/xdm/Xsession will do this for you. And, if your key is not passphrase protected, I guess it will just blindly use it. 



[EMAIL PROTECTED] cat /etc/sudoers
root    ALL=(ALL) ALL

# Uncomment to allow people in group wheel to run all commands
%wheel  ALL=(ALL)       ALL

# Same thing without a password
# %wheel        ALL=(ALL)       NOPASSWD: ALL

# Samples
# %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users  localhost=/sbin/shutdown -h now

Seems to be doing something automagical seeing [EMAIL PROTECTED] in the
command line and grabbing debug1: Offering public key:
/home/ethant/.ssh/id_rsa.

Greg


/Alexander

Reply via email to