From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Roel Sergeant Newsgroups: gmane.emacs.help Subject: Re: OT: Allowing PAM auth and reverting authorized_keys?! (Was: SSH blocks account when running within emacs) Date: Wed, 21 Nov 2012 13:26:04 +0100 Message-ID: References: <20121120212240.GA16931@hysteria.proulx.com> <87fw43i2ek.fsf_-_@destructor.i-did-not-set--mail-host-address--so-tickle-me> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: multipart/alternative; boundary=bcaec554d9d64efe9f04cf0074e9 X-Trace: ger.gmane.org 1353500790 2651 80.91.229.3 (21 Nov 2012 12:26:30 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Wed, 21 Nov 2012 12:26:30 +0000 (UTC) Cc: help-gnu-emacs@gnu.org To: Jeremiah Dodds Original-X-From: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane.org@gnu.org Wed Nov 21 13:26:41 2012 Return-path: Envelope-to: geh-help-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1Tb9Nx-0007HO-EO for geh-help-gnu-emacs@m.gmane.org; Wed, 21 Nov 2012 13:26:33 +0100 Original-Received: from localhost ([::1]:44457 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Tb9Nm-0001Pw-OT for geh-help-gnu-emacs@m.gmane.org; Wed, 21 Nov 2012 07:26:22 -0500 Original-Received: from eggs.gnu.org ([208.118.235.92]:33086) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Tb9Nc-0001Ol-JE for help-gnu-emacs@gnu.org; Wed, 21 Nov 2012 07:26:17 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Tb9NW-0001Ru-M1 for help-gnu-emacs@gnu.org; Wed, 21 Nov 2012 07:26:12 -0500 Original-Received: from mail-lb0-f169.google.com ([209.85.217.169]:35672) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Tb9NW-0001RY-BJ for help-gnu-emacs@gnu.org; Wed, 21 Nov 2012 07:26:06 -0500 Original-Received: by mail-lb0-f169.google.com with SMTP id gk1so6087441lbb.0 for ; Wed, 21 Nov 2012 04:26:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=kzVF3y73Sh+/RQqRI+6VRrDyzIu6koC0oY+aU8MLiko=; b=XHaQM6BjQL25ia/+wqB3Pbv5dKmd6OsuNSPo9RqmL1W349Q300GAZhJNOPaAjaxZlU E5ZRBNbedi/zhr9oh9EZFNnAfQxG8FIyK9PfwkeZHdnO8Hpe3HlsKakFxoWQn/ukZwBc UCXRnaPX8VPiTM5TA5PB0np9M92tYF4uV6iVEcPVJDGNVOxGK24uf8pVCdnTvT/rWOqN GYrbG78HeRrEdsvS9KCgSymRRlbyvu5JA20UcGYOPYdj/qc+tUrq6B47JZYxjX7V0xgd WVB7E4SMH5xB8h+kPOX/H5bxgiFzJw5luRk7lhZkUAwR8xC4dAyNcYkQDXAMLRuPMEsB cfGg== Original-Received: by 10.112.28.65 with SMTP id z1mr1853001lbg.119.1353500765125; Wed, 21 Nov 2012 04:26:05 -0800 (PST) Original-Received: by 10.112.149.102 with HTTP; Wed, 21 Nov 2012 04:26:04 -0800 (PST) In-Reply-To: <87fw43i2ek.fsf_-_@destructor.i-did-not-set--mail-host-address--so-tickle-me> X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [fuzzy] X-Received-From: 209.85.217.169 X-BeenThere: help-gnu-emacs@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Users list for the GNU Emacs text editor List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane.org@gnu.org Original-Sender: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.help:87834 Archived-At: --bcaec554d9d64efe9f04cf0074e9 Content-Type: text/plain; charset=ISO-8859-1 On Wed, Nov 21, 2012 at 1:08 PM, Jeremiah Dodds wrote: > Roel Sergeant writes: > > > > Is it asking you for a password? Is it asking you for a passphrase? > > Is it using a SSH_ASKPASS defined service? Are you using an ssh rsa > > key? Why not? I think it most likely that you are running into > > problems during these phases. > > > > I use user/password authentication, but it doesn't ask for a password > when > > within emacs, but it does so in a normal shell. > > > > I tried setting it up with an rsa key, but it seems a cron job is > running that > > removes authorized_keys from user profiles (or they are copying profiles > > because they have multiple servers. I have to dig deeper into that after > > this issue is fixed). > > > > I certainly hope not. Allowing PAM auth and disallowing authorized_keys, > particularly reverting authorized_keys would raise "I don't want to be > dealing with this host/these people" red flags for me. > > Assuming it's not a permissions issue, I'd be asking whoever would be > relevant about the behaviour to make sure it's intentional. > > If it *is* intentional, it seems pretty wrong-headed. > > Thanks! Already send out the email to them to ask why... But since it happened 3 times I assumed it was intentional, but that was before I knew anything about ssh, except how to start a session... At least I learned a few new things this week. Kind regards, Roel. --bcaec554d9d64efe9f04cf0074e9 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
On Wed, Nov 21, 2= 012 at 1:08 PM, Jeremiah Dodds <jeremiah.dodds@gmail.com> wrote:
Roel Sergeant <rsergeant@gmail.com> writes:
>
> =A0 =A0 Is it asking you for a password? Is it asking you for a passph= rase?
> =A0 =A0 Is it using a SSH_ASKPASS defined service? Are you using an ss= h rsa
> =A0 =A0 key? Why not? I think it most likely that you are running into=
> =A0 =A0 problems during these phases.
>
> I use user/password authentication, but it doesn't ask for a passw= ord when
> within emacs, but it does so in a normal shell.
>
> I tried setting it up with an rsa key, but it seems a cron job is runn= ing that
> removes authorized_keys from user profiles (or they are copying profil= es
> because they have multiple servers. I have to dig deeper into that aft= er
> this issue is fixed).
>

I certainly hope not. Allowing PAM auth and disallowing authorized_keys, particularly reverting authorized_keys would raise "I don't want t= o be
dealing with this host/these people" red flags for me.

Assuming it's not a permissions issue, I'd be asking whoever would = be
relevant about the behaviour to make sure it's intentional.

If it *is* intentional, it seems pretty wrong-headed.


Thanks! Already send out the email to them to ask wh= y... But since it happened 3 times
I assumed it was intentional, = but that was before I knew anything about ssh,=A0
except how to start a session... At least I learned a few new things t= his week.
=A0
Kind regards,
Roel.
=
--bcaec554d9d64efe9f04cf0074e9--