Hi,
we're making heavy use of password-less logins (a generic
user account with no password and a special app as login
shell).
The account gets
Permission denied (gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive).
and that's it. How do I make ssh in Sol10 behave like OpenSSH
and permit that user account to connect via ssh?
Cheers
Oh ... and an interesting side-note; one can't truss the sshd within a local
zone; one has to go to the global zone and truss random sshd processes
until one gets to one that actually outputs stuff when one attempts to
connect - not quite what I expected of a zone.
Cheers
> Oh ... and an interesting side-note; one can't truss
> the sshd within a local
> zone
Can you elaborate on your problems with truss in a non-global zone? It seems to be okay for me...
zone1# df -k /
Filesystemkbytesusedavail capacity Mounted on
/6627587 4096038 246527463%/
zone1# ps -ef | grep ssh
root 6205 60250Oct 17 ?0:00 /usr/lib/ssh/sshd
root 6953 69320 17:44:44 pts/20:00 grep ssh
zone1# truss -p 6205
pollsys(0xFFBFF410, 1, 0x00000000, 0x00000000) (sleeping...)
^Czone1#
Worked the same if I did it on launch as well as to a running process.
zone1# truss /usr/lib/ssh/sshd -D
execve("/usr/lib/ssh/sshd", 0xFFBFFEAC, 0xFFBFFEB4) argc = 1
resolvepath("/usr/lib/ld.so.1", "/lib/ld.so.1", 1023) = 12
resolvepath("/usr/lib/ssh/sshd", "/usr/lib/ssh/sshd", 1023) = 17
[...]
> one has to go to the global zone and truss
> random sshd processes
> until one gets to one that actually outputs stuff
> when one attempts to
> connect - not quite what I expected of a zone.
Even if you had to do it from the global zone (which I can't reproduce), I'm not sure why you'd have to try random processes.'svcs' will show which processes are owned by the service.
zone1# svcs -p ssh
STATE STIMEFMRI
online Oct_17svc:/network/ssh:default
Oct_176205 sshd
--
Darren
