[lug] ssh and pubkey

j davis davis_compz at hotmail.com
Mon Aug 12 20:23:21 MDT 2002


ok, i did all of that...when i tail -f /var/log/secure on the sshd server
while i am trying to login using pubkey it says that
pubkey auth and keyboard interactive has failed for root. i copied root's
id_isa.pub and id_rsa.pub to /root/.ssh/authorized_keys on the sshd
server...
here is my sshd config, sorry,...

Port 22
Protocol 2
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
#HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 3600
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

#LoginGraceTime 600
#PermitRootLogin yes
PermitRootLogin without-password
#StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile        .ssh/authorized_keys

# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
# HostbasedAuthentication yes
# Change to yes if you don't trust ~/.ssh/known_hosts for
#RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords yes

# Change to no to disable s/key passwords
ChallengeResponseAuthentication yes

# Kerberos options
# KerberosAuthentication automatically enabled if keyfile exists
#KerberosAuthentication no
#KerberosOrLocalPasswd no
#KerberosTicketCleanup no

# AFSTokenPassing automatically enabled if k_hasafs() is true
#AFSTokenPassing yes

# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no

# Set this to 'yes' to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt yes

#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
PrintMotd yes
#PrintLastLog yes
#KeepAlive yes
#UseLogin no

#MaxStartups 10
# no default banner path
#Banner /some/path
#VerifyReverseMapping no
# override default of no subsystems
Subsystem        sftp        /usr/libexec/openssh/sftp-server



thanks,
jd







>From: Warren Sanders <sanders at montanalinux.org>
>Reply-To: lug at lug.boulder.co.us
>To: lug at lug.boulder.co.us
>Subject: Re: [lug] ssh and pubkey
>Date: Mon, 12 Aug 2002 19:14:19 -0600
>
>I did just this task today.  If I can remember the exact steps...
>First off I think you may already know the first steps, but for the sake of 
>others and documentation...
>
>   1. ssh-keygen -t rsa
>   2. ssh-agent bash (or whatever shell)
>   3. ssh-add
>   4. scp $user/.ssh/id_rsa.pub $user@other-box:$user/.ssh/authorized_keys
>
>In my case I did localdomain root accounts on both sides.  I can access 
>both sides without authentication.  My purpose for doing this was to run 
>rsync over ssh transport as a cron job.
>
>
>j davis wrote:
>
>>Hello,
>>I tried setting up ssh to not use a passwd so i could have my
>>scripts log in using id_dsa....so i got kinda confused here...
>>
>>You must now put the public key on the remote machine
>>
>>    * Copy the public key to the server: use scp, ftp, email, paste it 
>>with a mouse, anything.
>>    * Connect to the server with ssh and password authentication.
>>    * put the key in the ``correct'' place. This depends on your 
>>implementation and version.
>>
>>OpenSSH (SSH-1)
>>
>>    copy the key into  /.ssh/authorized_keys
>>OpenSSH (SSH-2)
>>
>>    copy the key into  /.ssh/authorized_keys2
>>Sun SSH Solaris 9 (SSH-2)
>>
>>    copy the key into  /.ssh/authorized_keys
>>Commercial SSH (SSH-1)
>>
>>    copy the key into  /.ssh/authorized_keys
>>Commercial SSH (SSH-2)
>>
>>copy the key to the file  /.ssh2/mykey.pub and create a file called  
>>/.ssh2/authorization that contains a line Key mykey.pub
>>
>>um...does /.ssh mean create .ssh/authorized_keys in / or what...
>>im using rh7.3 up2dated sshd.
>>
>>thanks,
>>jd
>>
>>jd at taproot.bz
>>http://www.taproot.bz
>>
>>_______________________________________________
>>Web Page:  http://lug.boulder.co.us
>>Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>>Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
>
>
>--
>Warren Sanders
>http://MontanaLinux.org
>
>


thanks,
jd

jd at taproot.bz
http://www.taproot.bz
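
An added example, not part of the original thread: with StrictModes at its default of yes (it is commented out in the config above), sshd refuses public-key login when the home directory, .ssh, or authorized_keys is writable by group or others or owned by another user, so checking those conditions is a sensible first step when /var/log/secure shows pubkey failures. The function names and the key-line pattern are this example's own assumptions.

```shell
#!/bin/sh
# Added example: check the file conditions sshd enforces (StrictModes)
# before it will read a user's authorized_keys. Names here are hypothetical.

# Print the path if it is writable by group or others.
loose_mode() {
    find "$1" -prune \( -perm -020 -o -perm -002 \) -print
}

# Numeric uid of the file's owner.
owner_uid() {
    ls -ldn "$1" | awk '{print $3}'
}

# check_pubkey_setup HOME [UID]
# Prints one line per problem; returns the number of problems found.
check_pubkey_setup() {
    home=$1
    uid=${2:-$(id -u)}
    keys="$home/.ssh/authorized_keys"
    problems=0

    for p in "$home" "$home/.ssh" "$keys"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"; problems=$((problems + 1)); continue
        fi
        if [ -n "$(loose_mode "$p")" ]; then
            echo "group/world writable: $p"; problems=$((problems + 1))
        fi
        o=$(owner_uid "$p")
        if [ "$o" != "$uid" ] && [ "$o" != "0" ]; then
            echo "owned by uid $o, expected $uid or 0: $p"; problems=$((problems + 1))
        fi
    done

    # Each key must sit on one line: [options] keytype base64 [comment].
    # A key broken by a line wrap (e.g. pasted with a mouse) fails this.
    if [ -f "$keys" ]; then
        bad=$(awk '!/^[ \t]*(#|$)/ {
            ok = 0
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-|ecdsa-|sk-)/ && $(i+1) ~ /^AAAA[A-Za-z0-9+\/=]+$/) ok = 1
            if (!ok) n++
        } END { print n + 0 }' "$keys")
        if [ "$bad" -gt 0 ]; then
            echo "$bad malformed line(s) in $keys"; problems=$((problems + 1))
        fi
    fi
    return "$problems"
}
```

For the setup described in this thread the call would be check_pubkey_setup /root 0, run on the sshd server.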