SSH Problem
Eygene Ryabinkin
rea-fbsd at codelabs.ru
Mon Dec 22 00:59:02 PST 2008
Corne, good day.
Mon, Dec 22, 2008 at 10:22:39AM +0200, Corne Kotze wrote:
> The issue I have, hope somebody can help me, is with ssh security keys,
> no matter if I use RSA or DSA keys with or without passwords, I still
> have to login with a password to my FreeBSD server.
> It is between a Linux server(Client server) and my FreeBSD server.
>
> My setups are as follows:
> From client server:
> Linux nagios-server 2.6.23-hardened-r4 #1 SMP
> OpenSSH_4.7p1, OpenSSL 0.9.8g 19 Oct 2007
>
>
> To FreeBSD server:
> FreeBSD secure-server 6.1-RELEASE-p17 FreeBSD 6.1-RELEASE-p17 #0: Fri
> May 25 19:54:30 IST 2007
> root at secure-server:/usr/obj/usr/src/sys/SECURESRV-SMP i386
> OpenSSH_4.2p1 FreeBSD-20050903, OpenSSL 0.9.7e-p1 25 Oct 2004
>
> In my "/etc/rc.conf":
> sshd_enable="NO"
> sshd2_enable="YES"
There is no 'sshd2_enable' knob, there is only the 'sshd_enable' one.
The protocols (and other stuff) are configured in /etc/ssh/sshd_config.
> I have tried the public key in various directories, in the users home
> directory, ie.
> .ssh/authorized_keys
> .ssh/authorized_keys2
>
> .ssh2/authorized_keys
> .ssh2/authorized_keys2
This is also governed by the host's sshd_config: by default, .ssh/authorized_keys
is used:
-----
AuthorizedKeysFile .ssh/authorized_keys
-----
> Permissions are set to 700 for the .ssh(2) directories and 600 for the
> authorized_keys(2) files.
That's fine.
> User and group access are also correct, and connection from the client
> machine is also with the correct user.
> If I change to the following in my "/etc/rc.conf" file:
> sshd_enable="YES"
> sshd2_enable="NO"
>
> Restart sshd, the keys work fine, no issues, I connect 100% without
> having to type any passwords.
Yes, it is expected. Forget about sshd2_enable -- 'man sshd_config' is
your friend. And if you're trying to enable only SSHv2, then the
default configuration of OpenSSH should be fine for you -- it has allowed
only v2 for ages. For your 6.1 only v2 should be allowed by default, but you
can explicitly state it in /etc/ssh/sshd_config, just to be sure.
--
Eygene
_ ___ _.--. #
\`.|\..----...-'` `-._.-'_.-'` # Remember that it is hard
/ ' ` , __.--' # to read the on-line manual
)/' _/ \ `-_, / # while single-stepping the kernel.
`-'" `"\_ ,_.-;_.-\_ ', fsc/as #
_.-'_./ {_.' ; / # -- FreeBSD Developers handbook
{_.-``-' {_/ #
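
The points raised in this thread (the rc.conf knob, the AuthorizedKeysFile setting and the file permissions) can be checked in one pass. The script below is an added example, not part of the original mail; its function names are hypothetical and the demo files are constructed from the values quoted in the question.

```sh
#!/bin/sh
# Added example, not from the thread. The demo files are constructed.
# Print the last value assigned to knob $2 in rc.conf-style file $1.
rc_knob() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# Print AuthorizedKeysFile from sshd_config $1 (first value wins, keyword is
# case-insensitive); otherwise the default quoted in the reply.
authorized_keys_file() {
    v=$(awk 'tolower($1) == "authorizedkeysfile" { print $2; exit }' "$1")
    echo "${v:-.ssh/authorized_keys}"
}

# Succeed if group or others may write to $1 (sshd's StrictModes rejects that).
group_other_writable() {
    case $(ls -ld "$1" | cut -c1-10) in ?????w????|????????w?) return 0 ;; esac
    return 1
}

# check_pubkey_setup RC_CONF SSHD_CONFIG HOME: print findings, return their count.
# Assumes AuthorizedKeysFile is a path relative to HOME, as in the thread.
check_pubkey_setup() {
    n=0
    case $(rc_knob "$1" sshd_enable) in
        [Yy][Ee][Ss]) ;;
        *) echo "rc.conf: sshd_enable is not YES"; n=$((n + 1)) ;;
    esac
    grep -q '^[[:space:]]*sshd2_enable=' "$1" &&
        { echo "rc.conf: sshd2_enable is set, the only knob is sshd_enable"; n=$((n + 1)); }
    keys="$3/$(authorized_keys_file "$2")"
    [ -f "$keys" ] || { echo "missing: $keys"; n=$((n + 1)); }
    for p in "$3" "$(dirname "$keys")" "$keys"; do
        [ -e "$p" ] && group_other_writable "$p" &&
            { echo "group/other-writable: $p"; n=$((n + 1)); }
    done
    return "$n"
}

# Constructed demo: the rc.conf from the question, key files with 700/600.
demo() {
    d=$(mktemp -d) && mkdir "$d/.ssh" && : > "$d/.ssh/authorized_keys"
    chmod 700 "$d" "$d/.ssh"; chmod 600 "$d/.ssh/authorized_keys"
    printf 'sshd_enable="NO"\nsshd2_enable="YES"\n' > "$d/rc.conf"
    echo 'AuthorizedKeysFile .ssh/authorized_keys' > "$d/sshd_config"
    check_pubkey_setup "$d/rc.conf" "$d/sshd_config" "$d"; rc=$?; rm -rf "$d"; return "$rc"
}
demo || echo "findings: $?"
```

On a real host the three arguments would be /etc/rc.conf, /etc/ssh/sshd_config and the account's home directory.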