ssh Prompts For Password After Account Unlocked - Despite ssh key?

2

Here's what happened:

  1. I set up an ssh key so that user could ssh from A to B without a password.
  2. I got user's password wrong in some other context too many times, and user's account got locked out. (IT uses Active Directory here)
  3. IT unlocked the account. Concurrent to the unlocking, a script was running, calling something like ssh user@B some-health-check-command every 5 seconds or so -- which seemed to work fine before I caused user to get locked out in step 2.
  4. IT reports user reliably gets locked out a short time after each unlock attempt.

I thought the ssh key would allow ssh user@B some-command as long as the account is not locked.

But it behaves as if, when user gets unlocked, B suddenly asks for a password and since my command repeatedly runs without supplying a password, the account gets locked out after 5 attempts.

Account cannot be accessed at this time.
Please contact your system administrator.

My questions are...

  1. Is that what's happening? Or: what's happening?
  2. More importantly: How can I reconfigure things such that my script doesn't cause problems? Can I accomplish what I want without having to install Expect? (I don't know if I have permission to do so)

Other notes: Not using ssh-agent currently. The ssh command is running on our Jenkins master, a Linux box. A and B are Mac OS X. user is managed in Active Directory and normally can sign into all three machines. Other than these things and the ssh key I set up, everything else has the default configuration as far as I know.

user1011471

Posted 2013-06-28T15:53:47.960

Reputation: 165

Things to check: 1) Do you have the ssh option PreferredAuthentications set to publickey? This will cause ssh to only try publickey. 2) If you have a passphrase on your publickey, you will need to use ssh-agent. 3) Can you manually run the command from the same source system and have it connect to the destination system without manual intervention? If not, you don't have public authentication set up correctly. See #2. – Yedric – 2013-08-22T14:14:53.030
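
The checks in the comment above, as an added example that is not part of the original thread: a POSIX shell wrapper for the polling health check that offers only the key, never prompts, and stops polling when ssh itself fails (exit status 255) rather than retrying every 5 seconds. `SSH_BIN`, `HC_TARGET`, `HC_KEY`, `HC_CMD`, `HC_RUN` and the key path are assumed placeholder names.

```shell
#!/bin/sh
# Added example: key-only, non-interactive health check that stops polling
# when ssh itself fails. All names below are assumed placeholders.
SSH_BIN="${SSH_BIN:-ssh}"                   # overridable so a stub can be tested
HC_TARGET="${HC_TARGET:-user@B}"
HC_KEY="${HC_KEY:-$HOME/.ssh/id_rsa}"       # assumed key path
HC_CMD="${HC_CMD:-some-health-check-command}"

run_health_check() {
  # BatchMode=yes: never prompt for a password or passphrase.
  # PreferredAuthentications=publickey + PasswordAuthentication=no: the
  # client offers only the key and does not fall back to other methods.
  # IdentitiesOnly=yes: offer only the key given with -i.
  "$SSH_BIN" \
    -o BatchMode=yes \
    -o PreferredAuthentications=publickey \
    -o PasswordAuthentication=no \
    -o IdentitiesOnly=yes \
    -o ConnectTimeout=10 \
    -i "$HC_KEY" "$HC_TARGET" "$HC_CMD"
}

# poll MAX INTERVAL: run the check MAX times (0 = forever), INTERVAL seconds apart.
poll() {
  hc_max=$1; hc_interval=$2; hc_n=0
  while [ "$hc_max" -eq 0 ] || [ "$hc_n" -lt "$hc_max" ]; do
    hc_rc=0
    run_health_check || hc_rc=$?
    if [ "$hc_rc" -eq 255 ]; then
      # ssh returns 255 for its own errors (connection or authentication);
      # any other status is the remote command's.
      echo "ssh failed (255); stopping instead of retrying" >&2
      return 255
    elif [ "$hc_rc" -ne 0 ]; then
      echo "health check command returned $hc_rc" >&2
    fi
    hc_n=$((hc_n + 1))
    sleep "$hc_interval"
  done
  return 0
}

# Set HC_RUN=1 to start polling every 5 seconds, as in the question.
if [ "${HC_RUN:-}" = 1 ]; then
  poll 0 5
fi
```

Running `run_health_check` once by hand from the Jenkins master is the manual test from item 3 of the comment: with these options it either succeeds with the key or fails immediately without asking for anything.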

No answers