[lug] stupid ssh config question

Steven A Hart steven.hart at colorado.edu
Thu Jun 15 10:31:57 MDT 2017


Dan,  I'll look a bit more into this but for right now, I can ssh to the
server normally as any account using normal passwords (which is what I
want), and when logged in as root on the server, I can do a passwordless
login to root on the client.

Jonathan,  Yes, I'd be worried if I had the ssh ports open to the world but
they are all blocked.  Someone would have to be on campus at CU to try any
brute force attacks.  I will look into firming this up security-wise
regardless but my main concern was logging into the server normally.

Thanks all!

Steve

On Thu, Jun 15, 2017 at 10:26 AM, Dan Mackin <dan at appliedtrust.com> wrote:

> You should be able to have pass auth set to no and still use keys. In
> fact, it's recommended if you're going to use keys. Otherwise you're
> bypassing keypair auth and just using pass auth. If all you changed was
> setting pass auth to yes, you're likely now just bypassing keypair auth.
> -Dan
>
> On Thu, Jun 15, 2017 at 10:24 AM, Steven A Hart <steven.hart at colorado.edu>
> wrote:
>
>> Might have just found the problem.  I had PasswordAuthentication set to
>> no.  Like I said, stupid mistake.
>>
>> I know setting things up this way is not great, but since this is not
>> open to the outside world, I think it's ok for now.
>>
>> Thanks for the help everyone.  Sorry to be a bother.
>>
>> Steve
>>
>> On Thu, Jun 15, 2017 at 10:17 AM, Steven A Hart <steven.hart at colorado.edu>
>> wrote:
>>
>>> Stephen, agreed.
>>>
>>> David, id_rsa is located in /root/.ssh/
>>>
>>> On Thu, Jun 15, 2017 at 10:15 AM, david <dafr at dafr.us> wrote:
>>>
>>>> On 06/15/2017 09:02 AM, Steven A Hart wrote:
>>>>
>>>> So on the server I generated the keys resulting in id_rsa and id_rsa.pub
>>>>> being created.  I moved  id_rsa.pub to authorized_keys and copied that
>>>>> over to the root account on the client in /root/.ssh.  Sure enough, the
>>>>> ssh works from server to client without password.
>>>>>
>>>>> The problem now is that when I ssh from anywhere to the server as
>>>>> either root or my admin account, I get:
>>>>>
>>>>> Permission denied (publickey).
>>>>>
>>>>> I know I made a stupid mistake somewhere, I just need someone to point
>>>>> and say "look there stupid!"
>>>>>
>>>>
>>>>
>>>> Have you copied id_rsa to the appropriate home account on the
>>>> originating server? Without that, I would expect the error you present
>>>> above.
>>>>
>>>> dafr
>>>>
>>>>
>>>> _______________________________________________
>>>> Web Page:  http://lug.boulder.co.us
>>>> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>>>> Join us on IRC: irc.hackingsociety.org port=6667
>>>> channel=#hackingsociety
>>>>
>>>
>>>
>>>
>>> --
>>> Steve Hart
>>> Systems Administrator
>>> Colorado Center for Astrodynamics Research
>>> University of Colorado Boulder
>>> Steven.Hart at colorado.edu
>>> (303)492-8109
>>>
>>
>>
>>
>> --
>> Steve Hart
>> Systems Administrator
>> Colorado Center for Astrodynamics Research
>> University of Colorado Boulder
>> Steven.Hart at colorado.edu
>> (303)492-8109
>>
>>
>
>
>
> --
> ------
>  Dan Mackin - http://appliedtrust.com/dan
>  AppliedTrust - http://appliedtrust.com - 303.245.4516
>



-- 
Steve Hart
Systems Administrator
Colorado Center for Astrodynamics Research
University of Colorado Boulder
Steven.Hart at colorado.edu
(303)492-8109
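
Added example, not part of the original thread: a simplified Python model of how the PasswordAuthentication and PubkeyAuthentication settings in sshd_config determine the method list shown in "Permission denied (publickey)." The sample configs and function names are constructed for illustration; Match blocks, keyboard-interactive/PAM and AuthenticationMethods are deliberately left out.

```python
# Added example (not from the thread): simplified model of which authentication
# methods sshd offers, based on two sshd_config keywords.
# Upstream OpenSSH defaults for both keywords are "yes".
DEFAULTS = {"pubkeyauthentication": "yes", "passwordauthentication": "yes"}

def parse_global(text):
    """Global keywords only: case-insensitive, first value wins, stop at Match."""
    seen = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()
        if key == "match":
            break
        if len(parts) == 2:
            seen.setdefault(key, parts[1].strip().lower())
    return {**DEFAULTS, **{k: v for k, v in seen.items() if k in DEFAULTS}}

def offered_methods(cfg):
    """Methods the server will accept, in the order the client lists them."""
    methods = []
    if cfg["pubkeyauthentication"] == "yes":
        methods.append("publickey")
    if cfg["passwordauthentication"] == "yes":
        methods.append("password")
    return methods

def login_outcome(cfg, has_authorized_key, knows_password):
    """has_authorized_key: the client's public key is in the target account's
    authorized_keys on the server being logged into."""
    methods = offered_methods(cfg)
    if "publickey" in methods and has_authorized_key:
        return "accepted via publickey"
    if "password" in methods and knows_password:
        return "accepted via password"
    # The parenthesised list is what the server was still willing to accept.
    return "Permission denied (%s)." % ",".join(methods)

# Constructed sample configs. In KEYS_ONLY the later "yes" is ignored
# because the first occurrence of a keyword wins.
KEYS_ONLY = "# constructed\nPubkeyAuthentication yes\nPasswordAuthentication no\nPasswordAuthentication yes\n"
PASSWORDS_ON = "# constructed\npasswordauthentication yes\n"

if __name__ == "__main__":
    for name, text in (("keys only", KEYS_ONLY), ("passwords on", PASSWORDS_ON)):
        cfg = parse_global(text)
        print(name, "| no key:", login_outcome(cfg, False, True),
              "| with key:", login_outcome(cfg, True, True))
```

On a real server, `sshd -T` prints the effective values of these keywords after all config files and defaults are applied.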