[wplug] weird rsync error

Jonathan S. Billings wbanguna at gmail.com
Fri Mar 21 07:27:00 EST 2008 

On Wed, Mar 19, 2008 at 10:57:17PM -0400, Zach wrote:
> 
> Hi Tom,
> 
> Seems once again a connection is established but no file transfer
> takes place. This is really vexing! Details below:
> 
> ubuntu at ubuntu:~$ cd .ssh/
> ubuntu at ubuntu:~/.ssh$ ls
> id_dsa  id_dsa.pub  known_hosts
> ubuntu at ubuntu:~/.ssh$ scp -v id_dsa.pub
> chaos at unix.club.cc.cmu.edu:~/.ssh/authorized_keys
> Executing: program /usr/bin/ssh host unix.club.cc.cmu.edu, user chaos,
> command scp -v -t ~/.ssh/authorized_keys
[...]
> debug1: Sending command: scp -v -t ~/.ssh/authorized_keys
> debug1: client_input_channel_req: channel 0 rtype exit-signal reply 0
> debug1: channel 0: free: client-session, nchannels 1
> debug1: fd 0 clearing O_NONBLOCK
> debug1: fd 1 clearing O_NONBLOCK
> debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 144.4 seconds
> debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
> debug1: Exit status -1
> lost connection

I believe what you're seeing here is due to the fact that you don't
have AFS tokens when you log in through SSH (not sure why, maybe it's
not a kerberos password you're using, but a local password?  Or maybe
it's not generating tokens when you log in? )  

When you log in normally, does it ask for you to kinit?  If so, does
your kinit generate AFS tokens?  I haven't touched the club systems
before so I don't know what kind of setup they have.

Also, I see this:
% fs la /afs/club.cc.cmu.edu/user/chaos/.ssh
Access list for /afs/club.cc.cmu.edu/user/chaos/.ssh is
Normal rights:
  system:administrators rlidwka
  system:anyuser l
  chaos rlidwka
  chaos.mail rl

With these rights, even if you did manage to put an authorized_keys in
there, the sshd on the club system would never be able to see them
because it wouldn't be able to read that file.  

When I was at CMU, I had a ~/.ssh that had system:anyuser rl
(actually, system:friendlyhost, but I'm more paranoid), and a
~/.ssh_private that had more secure restrictions on it, where my
private keys stayed.  I put symlinks in ~/.ssh to files in
~/.ssh_private so normal ssh actions worked.


-- 
Jonathan Billings <wbanguna at gmail.com>

More information about the wplug mailing list