[lug] OpenSSH

D. Stimits stimits at idcomm.com
Tue Jan 30 14:55:03 MST 2001


"Michael J. Pedersen" wrote:
> 
> On Tue, Jan 30, 2001 at 12:58:46PM -0700, D. Stimits wrote:
> > I've seen several posts recently on setting up ssh, and used some of the
> > advice in those, but am still having problems setting things up
> > correctly (basically I'm working on getting one internal machine to
> > allow login on a per user key basis without passwords...blanket machine
> > setups are unacceptable). The "-v" option gives me some clues that are
> > useful, but not sufficient. So I'm looking for online docs and other
> > pages that might help in diagnosing or setting up ssh, but for the last
> > couple of days have been unable to reach www.openssh.org's web site.
> > Does anyone know of a good url concerning ssh setup?
> 
> Nope, dunno of a good url. However, here are the steps to take to make it happen
> (as I use it every day, I'm fairly certain this works :)
> 
> 1) As the user who will login, issue 'ssh-keygen'
>    Follow all prompts, but make certain not to use a passphrase on this secret
>    key.
> 2) Copy the file $HOME/.ssh/identity.pub to $HOME/.ssh/authorized_keys on the
>    server to which you will log in.
> 3) On the server you log into, find the file 'sshd_config', and make the
>    following changes to it:
>    -----
>    PasswordAuthentication no
>    PermitEmptyPasswords yes
>    -----
> 4) Restart sshd
> 5) chown -R user:group $HOME/.ssh
> 6) chmod 0700 $HOME/.ssh ; chmod 0600 $HOME/.ssh/*
> 
> You should now be able to login successfully.
> 

FYI, I discovered it was a mistake to look for www.openssh.org, but
instead I should have looked for the .com version (.org was incorrect).

Unfortunately it doesn't work. If I use ssh, it simply says permission
denied (it isn't the local ssh file either, it works to localhost and to
many sites). If I use ssh2 (this machine has both commercial ssh and
openssh ssh2 clients, since I *must* use the commercial version to
interact with my SunOS account on one site; the other machine involved
is pure openssh), I get what looks like it works most of the way
through, then /var/log/messages reports:
sshd[1076]: Disconnecting: Corrupted HMAC on input.

While looking through some of the docs at openssh.com, it mentions the
HMAC error, but offers no solutions (it words it as if there is no
solution yet).

I want to completely remove all ssh items from two linux boxes, and
reinstall with newer versions only, but I'm having problems with rpms
(none exist for RH 6.2, the source rpms of 7 won't work on my 6.2
boxes). The FreeBSD tarball does not have a configure script, and the
Makefile seems screwed for use with linux. There don't seem to be any
ssh version 2.3 tarballs available that are intended for linux, I could
only find FreeBSD of that version, and 2.2 for linux. Somehow I need to
find a current tarball for linux, and remove absolutely all of the old
stuff and start from scratch. Once I succeed, it will probably be broken
by the dual install of the client for commercial version that I have to
use to get to my SunOS account (openssh is incompatible with the
commercial one).

D. Stimits, stimits at idcomm.com
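
Added example, not part of the original messages: a POSIX shell check of the ownership and modes that steps 5 and 6 of the quoted reply set on $HOME/.ssh. The function names are hypothetical helpers, and accepting file modes stricter than 0600 is an assumption of this example.

```shell
# Added example (not from the thread): audit an .ssh directory against
# steps 5 and 6 of the quoted reply. Helper names are hypothetical.

# Print the nine permission characters of a path, e.g. "rwx------".
mode_of() { ls -ldn "$1" | cut -c2-10; }

# Print the numeric owner uid of a path.
owner_of() { ls -ldn "$1" | awk '{print $3}'; }

# check_ssh_dir DIR [UID]: print one line per finding; return 0 if clean.
check_ssh_dir() {
    dir=$1
    uid=${2:-$(id -u)}
    bad=0

    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 1
    fi
    # Step 6: the directory itself is 0700.
    if [ "$(mode_of "$dir")" != "rwx------" ]; then
        echo "MODE $dir is $(mode_of "$dir"), expected rwx------ (0700)"
        bad=1
    fi
    # Step 2: the public key was copied to authorized_keys.
    if [ ! -s "$dir/authorized_keys" ]; then
        echo "MISSING $dir/authorized_keys (absent or empty)"
        bad=1
    fi
    for f in "$dir" "$dir"/*; do
        [ -e "$f" ] || continue
        # Step 5: directory and contents belong to the login user.
        if [ "$(owner_of "$f")" != "$uid" ]; then
            echo "OWNER $f is uid $(owner_of "$f"), expected $uid"
            bad=1
        fi
        [ -f "$f" ] || continue
        # Step 6: files carry no group/other bits (0600 or stricter).
        case $(mode_of "$f") in
            ???------) ;;
            *) echo "MODE $f is $(mode_of "$f"), expected rw------- (0600)"
               bad=1 ;;
        esac
    done
    return $bad
}
```

Run it on the server as the login user, for example `check_ssh_dir "$HOME/.ssh"`; a non-zero exit status means at least one finding was printed.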


