2
Here's what happened:
- I set up ssh key so that
user
could ssh fromA
toB
without a password. - I got
user
's password wrong in some other context too many times, anduser
's account got locked out. (IT uses Active Directory here) - IT unlocked the account. Concurrent to the unlocking, a script was running, calling something like
ssh user@B some-health-check-command
every 5 seconds or so -- which seemed to work fine before I causeduser
to get locked out in step 2. - IT reports
user
reliably gets locked out a short time after each unlock attempt.
I thought the ssh key would allow ssh user@B some-command
as long as the account is not locked.
But it behaves as if, when user
gets unlocked, B
suddenly asks for a password and since my command repeatedly runs without supplying a password, the account gets locked out after 5 attempts.
Account cannot be accessed at this time.
Please contact your system administrator.
My questions are...
- Is that what's happening? Or: what's happening?
- More importantly: How can I reconfigure things such that my script doesn't cause problems? Can I accomplish what I want without having to install
Expect
? (I don't know if I have permission to do so)
Other notes: Not using ssh-agent currently. The ssh command is running on our Jenkins master, a linux box. A
and B
are Mac OS X. user
is managed in Active Directory and normally can sign into all three machines. Other than these things and the ssh key I set up, everything else has the default configuration as far as I know.
Things to check: 1) Do you have the ssh option PreferredAuthentications set to publickey?, this will cause ssh to only try publickey. 2) If you have a passphrase on your publickey, you will need to use ssh-agent. 3) Can you manually run the command from the same source system and have it connect to the destination system without manually intervention? If not, you don't have public authentication set up correctly. See #2. – Yedric – 2013-08-22T14:14:53.030