I'm seeing some problems with access to automounted NFS volumes, especially right after a reboot. It's fairly common practice here to use DSA keys in ~/.ssh/authorized_keys for passwordless logins. We have common home dirctories automounted from a Netapp filer.
This has worked perfectly with all previous releases of RHEL, including RHEL 5.0 and the 5.1 beta. Here's what happens now. Host 'skipper' is a freshly-booted VMWare workstation guest with a very generic RHEL 5.1 install. I've done just enough configuration to add my user account and get automounting of my homedir working. 'tux' is my workstation. These login attempts are from an X session with ssh-agent holding my DSA private key. Here's my first login attempt - note that I'm prompted for a password: tux:~$ ssh -v skipper OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003 debug1: Reading configuration data /usr2/dclinger/.ssh/config debug1: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: Connecting to skipper [10.46.174.173] port 22. debug1: Connection established. debug1: identity file /usr2/dclinger/.ssh/identity type -1 debug1: identity file /usr2/dclinger/.ssh/id_rsa type -1 debug1: identity file /usr2/dclinger/.ssh/id_dsa type 2 debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3 debug1: match: OpenSSH_4.3 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_3.9p1 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-cbc hmac-md5 none debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host 'skipper' is known and matches the RSA host key. debug1: Found key in /usr2/dclinger/.ssh/known_hosts:3543 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,gssapi-with-mic,password debug1: Next authentication method: publickey debug1: Offering public key: /usr2/dclinger/.ssh/id_dsa debug1: Authentications that can continue: publickey,gssapi-with-mic,password debug1: Trying private key: /usr2/dclinger/.ssh/identity debug1: Trying private key: /usr2/dclinger/.ssh/id_rsa debug1: Next authentication method: password [EMAIL PROTECTED]'s password: On the remote host the console and syslog says: FS-Cache: Loaded FS-Cache: netfs 'nfs' registered for caching I hit ctrl-c here and up-arrow to try again. I've changed nothing on the remote host. tux:~$ ssh -v skipper OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003 debug1: Reading configuration data /usr2/dclinger/.ssh/config debug1: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: Connecting to skipper [10.46.174.173] port 22. debug1: Connection established. debug1: identity file /usr2/dclinger/.ssh/identity type -1 debug1: identity file /usr2/dclinger/.ssh/id_rsa type -1 debug1: identity file /usr2/dclinger/.ssh/id_dsa type 2 debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3 debug1: match: OpenSSH_4.3 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_3.9p1 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-cbc hmac-md5 none debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host 'skipper' is known and matches the RSA host key. debug1: Found key in /usr2/dclinger/.ssh/known_hosts:3543 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,gssapi-with-mic,password debug1: Next authentication method: publickey debug1: Offering public key: /usr2/dclinger/.ssh/id_dsa debug1: Server accepts key: pkalg ssh-dss blen 434 debug1: Authentication succeeded (publickey). debug1: channel 0: new [client-session] debug1: Entering interactive session. debug1: Requesting X11 forwarding with authentication spoofing. Last login: Fri Nov 16 10:49:25 2007 from tux.qualcomm.com -bash-3.1$ On this second attempt (and on subsequent attempts in a short timeframe) my DSA keys are seen and I can login without a password. auto.master looks like this: /usr2 auto.home --timeout 600 and auto.home like this: dclinger -rw,noquota,intr,nofsc crate:/vol/vol2/usr2/dclinger I've tried changing the timeout, enabled --ghost, tried without the 'nofsc' flag, etc. to no avail. I've also seen problems with other processes that access automounted directories: 'su - dclinger' as root will get this error: su: warning: cannot change directory to /usr2/dclinger: No such file or directory on the first attempt but not subsequently. Has anyone else seen problems with NFS automount in the 5.1 final release? Thanks, -Deke _______________________________________________ rhelv5-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/rhelv5-list
