Web lists-archives.com

Re: issues with stretch, part 1 of many




On 27-11-2018, at 13h 33'55", Ionel Mugurel Ciobîcă wrote about "issues with stretch, part 1 of many"
> 
> 
> Dear all,
> 
> I have many issues with stretch which I cannot figure it out. I will
> post one at the time, to keep it clear and simple.
> 
> I use Debian since 1997. I never had an issue with any release, except
> stretch. I installed fresh using net install disk. The install went OK
> (except I was forced to chose a wrong timezone (I was not asked about
> the continent), but that I fix after installation).
> 
> The first question I want to ask relates to ssh, ssh-ask and
> ssh-agent. When I ssh to another computer I am asked "Allow use of key
> id_rsa? Key fingerprint ..." If I uninstall all ssh-ask programs I
> simply can't use the ssh-agent anymore and I am prompted for password.
> I try ssh-ask, ssh-ask-fullscreen, ssh-ask-gnome and the similar from
> kde. I check the /etc/ssh/ssh_config and /etc/ssh/sshd_config for
> anything that may relate to this. The only think coming close are:
> UsePAM yes
> ChallengeResponseAuthentication no
> 
> Is there something I overlook?
> 
> To be clear, I do not want to be asked if I allow the use of a key, I
> just want this to be assumed yes, as it was the case in the past. 
> 
> So, I run Linux 4.9.0-8-amd64, Debian 9u6. ssh is openssh_7.4p1,
> openssl 1.0.2l ssh-agent is started in $HOME/.xsessionrc as:
> eval `ssh-agent -s`
> 

A hint of the followup questions already is given by the ssh-agent the
first time when the passphrase is introduced, by announcing: "Enter
passphrase for id_rsa (will confirm each use):".

I do not want to confirm each usage. My .xsession(rc) contains many
calls of "xterm -e ssh ..." using -geometry to position the xterms,
and all of those "allow use of key..." questions agglomerates on the
same place, one on top of each other. I do not understand conceptually
why this would be desired (to be asked again and again). The point of
ssh-agent was to make it simpler, not more complicated. If I want to
be asked, I will not use the agent, so I can input password when
connecting...


Kind regards,
 Ionel