[Bug 352391] Re: AppArmor prevents DHCP from getting address

2009-04-06 Thread Roger Hunwicks
Yes I have installed likewise-open5 and left a domain (and then rejoined
the domain). This does seem to be a duplicate of bug 354498. My
/etc/apparmor.d/abstractions/nameservice is attached.

** Attachment added: "/etc/apparmor.d/abstractions/nameservice"
   http://launchpadlibrarian.net/24923021/nameservice

-- 
AppArmor prevents DHCP from getting address
https://bugs.launchpad.net/bugs/352391
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to dhcp3 in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs


[Bug 348126] Re: ssh are using ssh-userauth but ignores private key

2009-04-01 Thread Roger Hunwicks
Reading https://bugs.launchpad.net/ubuntu/+source/gnome-
keyring/+bug/339097 it looks like gnome-keyring is acting as the ssh-
agent, so maybe the problem is with that rather than seahorse.

Roger

-- 
ssh are using ssh-userauth but ignores private key
https://bugs.launchpad.net/bugs/348126
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs


[Bug 348126] Re: ssh are using ssh-userauth but ignores private key

2009-04-01 Thread Roger Hunwicks
@rancor

Can you try your key that doesn't work using ssh-agent in a non-Gnome
session, either by switching to a different TTY or by ssh'ing into the
Jaunty box from elsewhere (without Agent Forwarding: ssh -a ...)?

It might be that the problem is with seahorse rather than openssh-
client, given my key works outside Gnome but not inside it, regardless
of whether I use ssh-agent or ssh -i

Roger

-- 
ssh are using ssh-userauth but ignores private key
https://bugs.launchpad.net/bugs/348126
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs


[Bug 348126] Re: ssh are using ssh-userauth but ignores private key

2009-04-01 Thread Roger Hunwicks
I have a system running Jaunty Beta AMD64 with ssh 1:5.1p1-5ubuntu1.

I have two private keys, both of which are valid in a number of remote
servers. If I copy one of the keys to ~/.ssh/id_rsa everything works
correctly. If I copy the other key to ~/.ssh/id_rsa it does not work
within gnome using seahorse and ssh-agent, but it does work from a non-
Gnome session. Both keys work correctly in Intrepid. Both keys were
originally generated using PuttyGen on Windows. Looking at the trace at
the end of this response, does seahorse have an issue if the key is only
1023 bits instead of 1024?

It works from a non-Gnome session:
Ctrl-Alt-F2
Login using Username/Password, 
$ ssh server.example.com

Connects correctly.

But it doesn't work within Gnome:
Start Gnome Terminal
$ ssh server.example.com

Permission denied (publickey,gssapi-with-mic).

$ ssh -vvv server.example.com

debug1: Offering public key: /home/user/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 148
debug2: input_userauth_pk_ok: fp ed:
debug3: sign_and_send_pubkey
debug1: Authentications that can continue: publickey,gssapi-with-mic
debug1: Trying private key: /home/user/.ssh/identity
debug3: no such identity: /home/user/.ssh/identity
debug1: Trying private key: /home/user/.ssh/id_dsa
debug3: no such identity: /home/user/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-with-mic).

For comparison, using the same key in the terminal session (i.e. no ssh-agent, 
no seahorse):
debug1: Offering public key: /home/user/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 148
debug2: input_userauth_pk_ok: fp ed:
debug3: sign_and_send_pubkey
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type 
Enter passphrase for key '/home/user/.ssh/id_rsa': 
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).

Also, using the same key in the terminal session but using ssh-agent (still no 
seahorse):
$ eval `ssh-agent`
Agent pid 25343
$ trap "kill $SSH_AGENT_PID" 0
$ ssh-add ~/.ssh/id_rsa
Enter passphrase for /home/user/.ssh/id_rsa: 
Identity added: /home/user/.ssh/id_rsa (/home/user/.ssh/id_rsa)
$ ssh -vvv server.example.com

debug1: Offering public key: /home/user/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 148
debug2: input_userauth_pk_ok: fp ed:
debug3: sign_and_send_pubkey
debug1: Authentication succeeded (publickey).

Finally, using the "good" key that works inside Gnome:
In Gnome, start Gnome Terminal
$ ssh -vvv server.example.com

debug1: Offering public key: /home/user/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 149
debug2: input_userauth_pk_ok: fp 
debug3: sign_and_send_pubkey
debug1: Authentication succeeded (publickey).

I captured the full trace for a Gnome login using the good key and the bad key 
and did a diff:
$ diff good.txt bad.txt 
35,36c35,36
< debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-1024
< debug1: Checking blacklist file /etc/ssh/blacklist.RSA-1024
---
> debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-1023
> debug1: Checking blacklist file /etc/ssh/blacklist.RSA-1023
75,76c75,76
< debug2: dh_gen_key: priv key bits set: 123/256
< debug2: bits set: 506/1024
---
> debug2: dh_gen_key: priv key bits set: 116/256
> debug2: bits set: 518/1024
85c85
< debug2: bits set: 485/1024
---
> debug2: bits set: 525/1024
96c96
< debug2: key: /home/user/.ssh/id_rsa ()
---
> debug2: key: /home/user/.ssh/id_rsa ()
123,124c123,124
< debug1: Server accepts key: pkalg ssh-rsa blen 149
< debug2: input_userauth_pk_ok: fp ed:
---
> debug1: Server accepts key: pkalg ssh-rsa blen 148
> debug2: input_userauth_pk_ok: fp ed:
126c126,133
< debug1: Authentication succeeded (publickey).
---
> debug1: Authentications that can continue: publickey,gssapi-with-mic

-- 
ssh are using ssh-userauth but ignores private key
https://bugs.launchpad.net/bugs/348126
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs


[Bug 352391] [NEW] AppArmor prevents DHCP from getting address

2009-03-31 Thread Roger Hunwicks
Public bug reported:

I am running Jaunty Beta on AMD64, I have dhcp3 (3.1.1-5ubuntu7)
installed.

Network Manager shows the constant spinning icon, and never gets an IP
address.

My /var/log/messages has:

Mar 31 15:54:51 hostname kernel: [   23.264536] type=1503
audit(1238504091.637:14): operation="socket_create" family="inet"
sock_type="dgram" protocol=17 pid=3269 profile="/sbin/dhclient3"

This is sort of related to
https://bugs.launchpad.net/ubuntu/+source/dhcp3/+bug/342235 but is
giving a different AppArmor error.

** Affects: dhcp3 (Ubuntu)
 Importance: Undecided
 Status: New

-- 
AppArmor prevents DHCP from getting address
https://bugs.launchpad.net/bugs/352391
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to dhcp3 in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs