> * In message <[EMAIL PROTECTED]>
> * On the subject of "Re: rh8 security: nfs & ssh"
> * Sent on Fri, 15 Nov 2002 21:54:32 -0600 (CST)
> * Honorable Yoink! <[EMAIL PROTECTED]> writes:
>
> On 15 Nov 2002, Sam Steingold wrote:
>
> > upgrading to rh8 broke nfs and ssh:
> >
> > 1. I cannot mount nfs:
> > I have two machines on my lan (using a linksys router).
> > both have identical /etc/exports:
> >
> > / 192.168.1.*(rw,async,no_root_squash)
> >
> > and /etc/fstab:
> >
> > the-other-host:/ /mnt/the-other-host nfs user,exec,intr,rw 0 0
> >
> > this setup worked with rh7.3 but now I get "permission denied".
> > I have nfs-utils-1.0.1-2 installed.
>
> # chkconfig --list
>
> should show nfs and portmap running at runlevels 3, 4 and 5.

it does.

> does "exportfs -a" show any errors on the nfs server?

nope.

> what does "rpcinfo -p nfsserver" from the-other-host say?

first# rpcinfo -p second
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp   1024  status
    100024    1   tcp   1024  status
    391002    2   tcp   1025  sgi_fam
    100011    1   udp   1013  rquotad
    100011    2   udp   1013  rquotad
    100011    1   tcp   1016  rquotad
    100011    2   tcp   1016  rquotad
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100021    1   udp   1026  nlockmgr
    100021    3   udp   1026  nlockmgr
    100021    4   udp   1026  nlockmgr
    100005    1   udp   1027  mountd
    100005    1   tcp   1026  mountd
    100005    2   udp   1027  mountd
    100005    2   tcp   1026  mountd
    100005    3   udp   1027  mountd
    100005    3   tcp   1026  mountd

second# rpcinfo -p first
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  32768  status
    100024    1   tcp  32768  status
    391002    2   tcp  32769  sgi_fam
    100011    1   udp    979  rquotad
    100011    2   udp    979  rquotad
    100011    1   tcp    982  rquotad
    100011    2   tcp    982  rquotad
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100021    1   udp  32774  nlockmgr
    100021    3   udp  32774  nlockmgr
    100021    4   udp  32774  nlockmgr
    100005    1   udp  32775  mountd
    100005    1   tcp  33799  mountd
    100005    2   udp  32775  mountd
    100005    2   tcp  33799  mountd
    100005    3   udp  32775  mountd
    100005    3   tcp  33799  mountd

> > 2. ssh now requires a password to login:
> > I have identical ~/.ssh/ on both machines (on local disks), and I
> > use ssh-agent and with rh7 I was not asked password when I said
> > "ssh the-other-host", but now ssh asks me for the password (and lets
> > me in when I type the login password - not the ssh passphrase).
> > I did not modify the stock /etc/ssh/sshd_config, and I suspect that
> > there is a magic incantation that would work, but the man page only
> > told me how to disable password auth - and although I am happy to do
> > it, it does not help me to login without it.
>
> Never tried it that way, but as "man ssh" tells us:
>
> ssh implements the RSA authentication protocol automatically.
> The user creates his/her RSA key pair by running ssh-keygen(1). This
> stores the private key in $HOME/.ssh/identity and the public key in
> $HOME/.ssh/identity.pub in the user's home directory. The user should
> then copy the identity.pub to $HOME/.ssh/authorized_keys in his/her home
> directory on the remote machine (the authorized_keys file corresponds to
> the conventional $HOME/.rhosts file, and has one key per line, though the
> lines can be very long). After this, the user can log in without giving
> the password. RSA authentication is much more secure than rhosts
> authentication.
>
> Which always worked for me.

indeed it worked for me too, for all the other servers except for the
ones I administer :-(
actually, I _can_ ssh from FIRST to SECOND - but not the other way
around.

--
Sam Steingold (http://www.podval.org/~sds) running RedHat8 GNU/Linux
<http://www.camera.org> <http://www.iris.org.il> <http://www.memri.org/>
<http://www.mideasttruth.com/> <http://www.palestine-central.com/links.html>
Bus error -- driver executed.
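
The receiving-host side of the man page procedure quoted above can be checked mechanically. The script below is an added example and not part of the original message: check_key_auth and loose_mode are hypothetical names, and it assumes sshd's default "StrictModes yes" behaviour and that the key material is the longest field of the public-key file.

```sh
#!/bin/sh
# Added example (not from the thread): audit the receiving host's side of the
# key setup. Usage: check_key_auth HOME_DIR PUBKEY_FILE
# PUBKEY_FILE is a copy of the connecting user's public key (identity.pub).
# Prints one finding per line; returns 0 only when nothing was found.

# True when the path is group- or world-writable. In the `ls -ld` mode
# string, character 6 is group-write and character 9 is other-write.
loose_mode() {
    case "$(ls -ld "$1" | cut -c1-10)" in
        ?????w*|????????w*) return 0 ;;
    esac
    return 1
}

check_key_auth() {
    home=$1; pub=$2; rc=0
    auth="$home/.ssh/authorized_keys"

    # With StrictModes on (the sshd default), authorized_keys is ignored when
    # the home directory, ~/.ssh or the file is writable by group or others.
    for p in "$home" "$home/.ssh" "$auth"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"; rc=1
        elif loose_mode "$p"; then
            echo "LOOSE_MODE $p"; rc=1
        fi
    done
    [ -f "$auth" ] && [ -f "$pub" ] || return 1

    # Assumption: the key material is the longest whitespace-separated field
    # of the .pub file (the modulus of an RSA1 key, the base64 blob otherwise).
    blob=$(awk '{ for (i = 1; i <= NF; i++) if (length($i) > n) { n = length($i); k = $i } }
                END { print k }' "$pub")

    # "One key per line": a key wrapped by a mail client or terminal paste
    # no longer contains the whole field on a single line.
    if [ -z "$blob" ] || ! grep -qF -- "$blob" "$auth"; then
        echo "KEY_NOT_FOUND $pub"; rc=1
    fi
    return $rc
}
```

Run it on the host that still prompts for a password, as the account being logged into, so the modes it reports are the ones sshd sees.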