[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[gsi-openssh] Getting hosts-based authentication to work
For some reason I am unable to get the GSI-enabled version of SSH to
accept host-based authentication, although it accepts GSI
authentication, password authentication, and also RSA authentication.
If I try to (eg.) ssh to the first compute node in the cluster I get the
following output: (GSI ssh is in the path ... plain old ssh is
/usr/bin/ssh and works fine)
[daikema@wg1 daikema]$ ssh compute1
could not open any host key
ssh_msg_send: write
Digging a little deeper, it appears that the cause of this error is a
program called ssh-keysign (in /usr/local/globus/libexec on wg1):
[daikema@wg1 libexec]$ /usr/local/globus/libexec/ssh-keysign
could not open any host key
ssh-keysign is setuid root, and any files that I suspect that it might
attempting to open have permissions set to at least being readable by
root.
Some steps that I encoutered along the road: needing to add the Globus
lib directory to /etc/ld.so.conf so that it would pickup the Globus
libraries... and I also needed to add " EnableSSHKeysign yes" to my
ssh_config file
Any idea how I might fix this problem?
I've attached a strace of ssh-keysign, just in case that might be
helpful.
David Aikema
----
[daikema@wg1 daikema]# strace '/usr/local/globus/libexec/ssh-keysign'
2>&1 | tee ~/strace_ssh-keysign
execve("/usr/local/globus/libexec/ssh-keysign",
["/usr/local/globus/libexec/ssh-keysign"], [/* 39 vars */]) = 0
uname({sys="Linux", node="wg1.triumf.ca", ...}) = 0
brk(0) = 0x80739bc
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0x40016000
open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/usr/local/globus/lib/tls/i686/mmx/libutil.so.1", O_RDONLY) = -1
ENOENT (No such file or directory)
stat64("/usr/local/globus/lib/tls/i686/mmx", 0xbfffe180) = -1 ENOENT (No
such file or directory)
open("/usr/local/globus/lib/tls/i686/libutil.so.1", O_RDONLY) = -1
ENOENT (No such file or directory)
stat64("/usr/local/globus/lib/tls/i686", 0xbfffe180) = -1 ENOENT (No
such file or directory)
open("/usr/local/globus/lib/tls/mmx/libutil.so.1", O_RDONLY) = -1 ENOENT
(No such file or directory)
stat64("/usr/local/globus/lib/tls/mmx", 0xbfffe180) = -1 ENOENT (No such
file or directory)
open("/usr/local/globus/lib/tls/libutil.so.1", O_RDONLY) = -1 ENOENT (No
such file or directory)
stat64("/usr/local/globus/lib/tls", 0xbfffe180) = -1 ENOENT (No such
file or directory)
open("/usr/local/globus/lib/i686/mmx/libutil.so.1", O_RDONLY) = -1
ENOENT (No such file or directory)
stat64("/usr/local/globus/lib/i686/mmx", 0xbfffe180) = -1 ENOENT (No
such file or directory)
open("/usr/local/globus/lib/i686/libutil.so.1", O_RDONLY) = -1 ENOENT
(No such file or directory)
stat64("/usr/local/globus/lib/i686", 0xbfffe180) = -1 ENOENT (No such
file or directory)
open("/usr/local/globus/lib/mmx/libutil.so.1", O_RDONLY) = -1 ENOENT (No
such file or directory)
stat64("/usr/local/globus/lib/mmx", 0xbfffe180) = -1 ENOENT (No such
file or directory)
open("/usr/local/globus/lib/libutil.so.1", O_RDONLY) = -1 ENOENT (No
such file or directory)
stat64("/usr/local/globus/lib", {st_mode=S_IFDIR|0755, st_size=12288,
...}) = 0
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=130790, ...}) = 0
old_mmap(NULL, 130790, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40017000
close(3) = 0
open("/lib/libutil.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 \16\0\000"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=12716, ...}) = 0
old_mmap(NULL, 11048, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) =
0x40037000
old_mmap(0x40039000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED,
3, 0x1000) = 0x40039000
close(3) = 0
open("/usr/local/globus/lib/libz.so.1", O_RDONLY) = -1 ENOENT (No such
file or directory)
open("/usr/lib/libz.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300\31"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=52616, ...}) = 0
old_mmap(NULL, 55596, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) =
0x4003a000
old_mmap(0x40046000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED,
3, 0xb000) = 0x40046000
close(3) = 0
open("/usr/local/globus/lib/libnsl.so.1", O_RDONLY) = -1 ENOENT (No such
file or directory)
open("/lib/libnsl.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p<\0\000"...,
512) = 512fstat64(3, {st_mode=S_IFREG|0755, st_size=91624, ...}) = 0
old_mmap(NULL, 85184, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) =
0x40048000
old_mmap(0x4005a000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED,
3, 0x11000) = 0x4005a000
old_mmap(0x4005b000, 7360, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4005b000
close(3) = 0
open("/usr/local/globus/lib/libglobus_gss_assist_gcc32dbg.so.0",
O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0X \0\000"...,
512) = 512fstat64(3, {st_mode=S_IFREG|0755, st_size=331079, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0x4005d000
old_mmap(NULL, 39352, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) =
0x4005e000
old_mmap(0x40067000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED,
3, 0x8000) = 0x40067000
close(3) = 0
open("/usr/local/globus/lib/libglobus_gssapi_gsi_gcc32dbg.so.0",
O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0HT\0\000"...,
512) = 512fstat64(3, {st_mode=S_IFREG|0755, st_size=1548746, ...}) = 0
old_mmap(NULL, 105984, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) =
0x40068000
old_mmap(0x40081000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED,
3, 0x18000) = 0x40081000
close(3) = 0
open("/usr/local/globus/lib/libglobus_gsi_proxy_core_gcc32dbg.so.0",
O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\350<\0"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=275160, ...}) = 0
old_mmap(NULL, 55704, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) =
0x40082000
old_mmap(0x4008f000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED,
3, 0xc000) = 0x4008f000
close(3) = 0
open("/usr/local/globus/lib/libglobus_gsi_credential_gcc32dbg.so.0",
O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\\7\0\000"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=278467, ...}) = 0
old_mmap(NULL, 54536, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) =
0x40090000
old_mmap(0x4009d000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED,
3, 0xd000) = 0x4009d000
close(3) = 0
open("/usr/local/globus/lib/libglobus_gsi_callback_gcc32dbg.so.0",
O_RDONLY) = 3read(3,
"\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0008)\0\000"..., 512) =
512
fstat64(3, {st_mode=S_IFREG|0755, st_size=195048, ...}) = 0
old_mmap(NULL, 38188, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) =
0x4009e000
old_mmap(0x400a7000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED,
3, 0x8000) = 0x400a7000
close(3) = 0
open("/usr/local/globus/lib/libglobus_oldgaa_gcc32dbg.so.0", O_RDONLY) =
3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0(\"\0\000"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=123139, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0x400a8000
old_mmap(NULL, 35832, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) =
0x400a9000
old_mmap(0x400b1000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED,
3, 0x7000) = 0x400b1000
close(3) = 0
open("/usr/local/globus/lib/libglobus_gsi_sysconfig_gcc32dbg.so.0",
O_RDONLY) =
3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\304 \0"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=146616, ...}) = 0
old_mmap(NULL, 42196, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) =
0x400b2000
old_mmap(0x400bc000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED,
3, 0x9000) = 0x400bc000
close(3) = 0
open("/usr/local/globus/lib/libglobus_gsi_cert_utils_gcc32dbg.so.0",
O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\364\32"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=117831, ...}) = 0
old_mmap(NULL, 17120, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) =
0x400bd000
old_mmap(0x400c1000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED,
3, 0x4000) = 0x400c1000
close(3) = 0
open("/usr/local/globus/lib/libglobus_openssl_gcc32dbg.so.0", O_RDONLY)
= 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\n\0"...,
512) = 512fstat64(3, {st_mode=S_IFREG|0755, st_size=65363, ...}) = 0
old_mmap(NULL, 4512, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) =
0x400c2000
old_mmap(0x400c3000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED,
3, 0x1000) = 0x400c3000
close(3) = 0
open("/usr/local/globus/lib/libglobus_proxy_ssl_gcc32dbg.so.0",
O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\10\32\0"...,
512) = 512fstat64(3, {st_mode=S_IFREG|0755, st_size=82358, ...}) = 0
old_mmap(NULL, 13064, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) =
0x400c4000
old_mmap(0x400c7000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED,
3, 0x3000) = 0x400c7000
close(3) = 0
open("/usr/local/globus/lib/libglobus_openssl_error_gcc32dbg.so.0",
O_RDONLY) =
3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\324\24"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=103872, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0x400c8000
old_mmap(NULL, 15840, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) =
0x400c9000
old_mmap(0x400cc000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED,
3, 0x2000) = 0x400cc000
close(3) = 0
open("/usr/local/globus/lib/libssl_gcc32dbg.so.0", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\374\217"...,
512) = 512fstat64(3, {st_mode=S_IFREG|0755, st_size=1381730, ...}) = 0
old_mmap(NULL, 216228, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) =
0x400cd000
old_mmap(0x400ff000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED,
3, 0x31000) = 0x400ff000
close(3) = 0
open("/usr/local/globus/lib/libcrypto_gcc32dbg.so.0", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0d-\2\000"...,
512) = 512fstat64(3, {st_mode=S_IFREG|0755, st_size=6997267, ...}) = 0
old_mmap(NULL, 913348, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) =
0x40102000
old_mmap(0x401d3000, 45056, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED,
3, 0xd0000) = 0x401d3000
old_mmap(0x401de000, 12228, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x401de000
close(3) = 0
open("/usr/local/globus/lib/libglobus_common_gcc32dbg.so.0", O_RDONLY) =
3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\330\276"...,
512) = 512fstat64(3, {st_mode=S_IFREG|0755, st_size=878515, ...}) = 0
old_mmap(NULL, 163024, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) =
0x401e1000
old_mmap(0x40206000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED,
3, 0x24000) = 0x40206000
old_mmap(0x40208000, 3280, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40208000
close(3) = 0
open("/usr/local/globus/lib/libcrypt.so.1", O_RDONLY) = -1 ENOENT (No
such file
or directory)
open("/lib/libcrypt.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\240\t\0"...,
512) = 512fstat64(3, {st_mode=S_IFREG|0755, st_size=23688, ...}) = 0
old_mmap(NULL, 181312, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) =
0x40209000
old_mmap(0x4020e000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED,
3, 0x4000) = 0x4020e000
old_mmap(0x4020f000, 156736, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4020f000
close(3) = 0
open("/usr/local/globus/lib/libc.so.6", O_RDONLY) = -1 ENOENT (No such
file or directory)
open("/lib/tls/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220W\1"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1536292, ...}) = 0
old_mmap(0x42000000, 1261416, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) =
0x42000000
old_mmap(0x4212f000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED,
3, 0x12f000) = 0x4212f000
old_mmap(0x42132000, 8040, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x42132000
close(3) = 0
open("/usr/local/globus/lib/libdl.so.2", O_RDONLY) = -1 ENOENT (No such
file or
directory)
open("/lib/libdl.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\340\30"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=15900, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0x40236000
old_mmap(NULL, 13176, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) =
0x40237000
old_mmap(0x4023a000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED,
3, 0x2000) = 0x4023a000
close(3) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0x4023b000
set_thread_area({entry_number:-1 -> 6, base_addr:0x4023b5a0,
limit:1048575, seg_32bit:1, contents:0, read_exec_only:0,
limit_in_pages:1, seg_not_present:0, useable:1}) = 0
munmap(0x40017000, 130790) = 0
open("init_pathnames() not called!", O_RDONLY|O_LARGEFILE) = -1 ENOENT
(No such
file or directory)
open("init_pathnames() not called!", O_RDONLY|O_LARGEFILE) = -1 ENOENT
(No such
file or directory)
brk(0) = 0x80739bc
brk(0x80749bc) = 0x80749bc
brk(0) = 0x80749bc
brk(0x8075000) = 0x8075000
getuid32() = 0
setresuid32(0xffffffff, 0, 0xffffffff) = 0
getuid32() = 0
setuid32(0) = 0
getpid() = 30420
getpid() = 30420
open("/dev/urandom", O_RDONLY) = 3
read(3, "\364\340\256\222\224N62\327=l\252z\217\t%\231\236\323\264"...,
20) = 20close(3) = 0
getpid() = 30420
getpid() = 30420
getuid32() = 0
getpid() = 30420
time(NULL) = 1062021713
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getpid() = 30420
getuid32() = 0
open("/usr/local/globus/etc/ssh/ssh_config", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=1222, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0x40017000
read(3, "#\t$OpenBSD: ssh_config,v 1.16 20"..., 4096) = 1222
read(3, "", 4096) = 0
close(3) = 0
munmap(0x40017000, 4096) = 0
write(2, "could not open any host key\r\n", 29could not open any host
key
) = 29
exit_group(255) = ?