[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: SSH Unexpectedly Not Prompting for Password



Lucas, Brandon wrote:
>
> I have a question about SSH that I can't seem to figure out.  Here is the
> situation:
>
> 4 servers on RHEL 6.3

You really should update to 6.4, for security reasons if nothing else.
>
> One server has a local account ("teddy").  SSH key pairs have been set up
> between this "teddy" account and the other 3 servers on a different local
> account common to the other 3 servers ("bear"), but not present on the
> "teddy" server.  These 3 servers do not have a "teddy" account.
>
> Now, I am able to ssh without password between the 3 "bear" servers using
> the "bear" account without a password.  This behavior is undesired as it
> bypasses some key controls.
>
> I figure what must be happening here is that since the 3 "bear" servers
> have the same public key that points to the "teddy" server, they must be
> using that fourth server as some type of "witness" to verify the identity
> of the user making the ssh connection, bypassing the password for the
> "bear" account.  I have disabled AgentForwarding on all 4 servers in
> question, as well as X11Forwarding.  This has not helped.
>
> What is going on here and how do I avoid it?

As someone else said, ssh doesn't work that way. Question 1: where's your
home directory - it's not NFS mounted, is it? Second, did you do an
ssh-add on teddy, first? Third, are you doing ssh -A?

      mark



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]