а какой формат записи в authorized_keys ?
пример из живого файла можно ?
skoltogyan писал(а):а какой формат записи в authorized_keys ?
пример из живого файла можно ?
ssh-dss AAAAB3NzaC1kc3MAAAAhAJGRef7i1HQgyhaOM4tjMzECIXoZ+RzGQc5ODNmbLT8rAAAAFQDZJJtW0C4CplbOlWsV1ZzSC7/IuwAAACEAh5G7k1tSpLJoWdaNv1gOWWBatX4ryTGsxL+Fe3FfIuYAAAAgROQ4kDcIGyJwe6Qm5/qBRMb0JBiPYiHakpxZNrCbudk= SUSELinux
ssh-dss AAAAB3NzaC1kc3MAAAAgZRc8GNCn2loFpSUBQZy1sybhFcZUsVIqMG0PmSHw18cAAAAVAJhO2S8Xnyg45qfLYSm2z7/Tjp8lAAAAIAXeBC4YqNpfCGFrt4mk04f+5dZyL52gJqIezPiogEUqAAAAIBeMO5pEpwuBHFGLPCyewrIpJHNCjefBXYgYnswtEmcF TEST
skoltogyan писал(а):cat authorized_keys2
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "dsa-key-20061031"
AAAAB3NzaC1kc3MAAdfBAKKut6ZASpZEXxKLk08sl1BshykQuuL4JfvSaXkAPAfT
8n8TW67CZE3lsWCvYTVMyr2d1DH0m2kA21gCeukUyu+KVwUdmw8lO+VIHz49J56X
.......
5ujezq8/wMXyEOn9l6YcvQaEz4ji2ZbY2CfPfkhaUV+48NuqDewRJMayzmL6UJI/
/Ak=
---- END SSH2 PUBLIC KEY ----
skoltogyan писал(а):puttyget ver0.58
сгенерило:
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "dsa-key-20061108"
---- END SSH2 PUBLIC KEY ----
tst# xclock
Xlib: connection to "tst.mydomain.local:10.0" refused by server
Xlib: PuTTY X11 proxy: wrong authentication protocol attempted
Error: Can't open display: tst.mydomain.local:10.0
tst# echo $DISPLAY
tst.mydomain.local:10.0
# Change to no to disable PAM authentication
#ChallengeResponseAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#UsePAM yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
X11UseLocalhost no
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
UsePrivilegeSeparation no
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
host:/home/user # xterm
Xlib: connection to "localhost:10.0" refused by server
Xlib: Authentication failed at PuTTY X11 proxy
Warning: This program is an suid-root program or is being run by the root user.
The full text of the error or warning message cannot be safely formatted
in this environment. You may get a more descriptive message by running the
program as a non-root user or by removing the suid bit on the executable.
xterm Xt error: Can't open display: %s
suid bit
dekloper писал(а):чую, чета с авторизацией в PAMе, а вот где, хз
плз, че можно "подкрутить"?
Андрей Тр. aka RH писал(а):Соответствующие службы в /etc/pam.d ? Если дело вообще в этом.
/etc/pam.d # cat ./sshd
#%PAM-1.0
auth include common-auth
auth required pam_nologin.so
account include common-account
password include common-password
session include common-session
# Enable the following line to get resmgr support for
# ssh sessions (see /usr/share/doc/packages/resmgr/README)
#session optional pam_resmgr.so fake_ttyname
замтил такую страность X-форвард проходит только под юзером, под рутом выдает такую ошибку:
.....
tst ALL=(ALL) ALL
.....
Сейчас этот форум просматривают: нет зарегистрированных пользователей и гости: 1