Wednesday, November 27, 2013

sshd: why you have to type your password
Or: Why can't nxclient authenticate?

I set up passwordless login on my home computers literally a decade ago, but after a recent upgrade I found myself confronted by this nonsense:
% ssh p3
My initial reaction—viz., "wtf?"—gave way to my usual "let's-get-on-with-it" attitude, and so for a while I've just been typing in my password.

Perhaps you've heard the quip that a reasonable man adapts himself to circumstances, but the unreasonable man adapts the circumstances to himself? And therefore, all progress depends upon the unreasonable man? Well, today I got unreasonable.

The catalyst was my totally unreasonable desire to use FreeNX at work. I ran nxclient and typed my password in (that's expected btw). But I got some message about can't authenticate. Wha...? Why would this start failing? It worked before I upgraded to OpenSUSE 12.3 (64-bit).

Various websites told me to look in /var/log/auth.log, which my computer doesn't have. So I went looking in the config file for logfile information. No joy. But I happened to see this:

$ grep -A2 authorized_keys2 /etc/ssh/sshd_config
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile      .ssh/authorized_keys
A-HA! So in /etc/NX/home/nx/.ssh and also in my own $HOME/.ssh, I said:
collin@p3:~/.ssh> ll auth*
-rw-r--r-- 1 collin users 1341 Jul 26  2003 authorized_keys
-rw-r--r-- 1 collin users 2031 May 20  2006 authorized_keys2
collin@p3:~/.ssh> mv authorized_keys authorized_keys-2003-07-26
collin@p3:~/.ssh> mv authorized_keys2 authorized_keys
My next nxclient connection attempt worked. As did my next login at home.

Life's little victories...

No comments: