disabling the authentication agent?

Robert Mooney rjmooney at aboveground.cx
Sat Feb 2 15:33:40 EST 2002


Is there any way to disable the authentication agent globally?  I'm not
quite sure I understand it's purpose.  Here is some background info:

workstation: Key pair (dsa).
host1: No key pair.  No authorized_keys.
host2: Has my workstation's key in authorized_keys.

I ssh to host1 from my workstation.
I ssh to host2 from host1.  I am asked for a password.  Good.
I ssh to host2 from my workstation.  I am logged in via pubkey auth.
I relogin to host2 from host1.  I am not asked for a password.  Why?

It doesn't sit well with me when a host allows me to login without a pass-
word, when I haven't configured it that way (I realize it may be OK, but 
still...)

host1:~$ ssh -vvv host2
OpenSSH_3.0.2, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /etc/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 1000 geteuid 0 anon 1
debug1: Connecting to host2 [] port 22.
debug1: temporarily_use_uid: 1000/1000 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 1000/1000 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /home/rjmooney/.ssh/identity type -1
debug1: identity file /home/rjmooney/.ssh/id_rsa type -1
debug1: identity file /home/rjmooney/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.0.2
debug1: match: OpenSSH_3.0.2 pat OpenSSH*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.0.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 134/256
debug1: bits set: 1614/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'host2' is known and matches the RSA host key.
debug1: Found key in /home/rjmooney/.ssh/known_hosts:1
debug1: bits set: 1616/3191
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: userauth_pubkey_agent: testing agent key "Robert Mooney at workstation"
debug1: input_userauth_pk_ok: pkalg ssh-dss blen 819 lastkey 0x490a0 hint -1
debug1: ssh-userauth2 successful: method publickey
debug1: channel 0: new [client-session]
debug1: send channel open 0
debug1: Entering interactive session.
debug1: ssh_session2_setup: id 0
debug1: channel request 0: shell
debug1: channel 0: open confirm rwindow 0 rmax 16384
Last login: Fri Feb  1 22:31:04 2002 from host1
host2:~$

- Rob

--
Robert Mooney (rjmooney at aboveground.cx)
www: http://www.aboveground.cx/~rjmooney/ 




More information about the openssh-unix-dev mailing list