SSH Problem

Eygene Ryabinkin rea-fbsd at codelabs.ru
Mon Dec 22 00:59:02 PST 2008


Corne, good day.

Mon, Dec 22, 2008 at 10:22:39AM +0200, Corne Kotze wrote:
> The issue I have, hope somebody can help me, is with ssh security keys,
> no matter if I use RSA or DSA keys with or without passwords, I still
> have to login with a password to my FreeBSD server.
> It is between a Linux server(Client server) and my FreeBSD server.
> 
> My setups are as follows:
> From client server:
> Linux nagios-server 2.6.23-hardened-r4 #1 SMP
> OpenSSH_4.7p1, OpenSSL 0.9.8g 19 Oct 2007
>
>
> To FreeBSD server:
> FreeBSD secure-server 6.1-RELEASE-p17 FreeBSD 6.1-RELEASE-p17 #0: Fri
> May 25 19:54:30 IST 2007
> root at secure-server:/usr/obj/usr/src/sys/SECURESRV-SMP  i386
> OpenSSH_4.2p1 FreeBSD-20050903, OpenSSL 0.9.7e-p1 25 Oct 2004
>
> In my "/etc/rc.conf":
> sshd_enable="NO"
> sshd2_enable="YES"

There is no 'sshd2_enable' knob, there is only the 'sshd_enable' one.
The protocols (and other stuff) are configured in /etc/ssh/sshd_config.

> I have tried the public key in various directories, in the users home
> directory, ie.
> .ssh/authorized_keys
> .ssh/authorized_keys2
>
> .ssh2/authorized_keys
> .ssh2/authorized_keys2

This is also governed by the host's sshd_config: by default, .ssh/authorized_keys
is used:
-----
AuthorizedKeysFile     .ssh/authorized_keys
-----

> Permissions are set to 700 for the .ssh(2) directories and 600 for the
> authorized_keys(2) files.

That's fine.

> User and group access are also correct, and connection from the client
> machine is also with the correct user.

> If I change to the following in my "/etc/rc.conf" file:
> sshd_enable="YES"
> sshd2_enable="NO"
>
> Restart sshd, the keys work fine, no issues, I connect 100% without
> having to type any passwords.

Yes, it is expected.  Forget about sshd2_enable -- 'man sshd_config' is
your friend.  And if you're trying to enable only SSHv2, then the
default configuration of OpenSSH should be fine for you -- it has allowed
only v2 for ages.  For your 6.1 only v2 should be allowed by default, but you
can explicitly state it in /etc/ssh/sshd_config, just to be sure.
-- 
Eygene
 _                ___       _.--.   #
 \`.|\..----...-'`   `-._.-'_.-'`   #  Remember that it is hard
 /  ' `         ,       __.--'      #  to read the on-line manual   
 )/' _/     \   `-_,   /            #  while single-stepping the kernel.
 `-'" `"\_  ,_.-;_.-\_ ',  fsc/as   #
     _.-'_./   {_.'   ; /           #    -- FreeBSD Developers handbook 
    {_.-``-'         {_/            #
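
The two checks discussed in this message (which AuthorizedKeysFile sshd_config actually names, and whether the path to it has acceptable modes), as an added example that is not part of the original message or of OpenSSH. The function names `sshd_opt` and `check_key_path` are hypothetical, the sample config and home directory are constructed, and a single relative AuthorizedKeysFile path without Match blocks is assumed.

```shell
#!/bin/sh
# Added example; every file it touches is constructed in a temp directory.

# Print the effective value of an sshd_config keyword: keywords are
# case-insensitive, lines starting with '#' are comments, and the first
# occurrence wins. Match blocks are not interpreted (assumption).
sshd_opt() {  # usage: sshd_opt CONFIG KEYWORD DEFAULT
    awk -v k="$2" -v d="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(k) { $1 = ""; sub(/^[ \t]+/, ""); print; f = 1; exit }
        END { if (!f) print d }' "$1"
}

# Walk from HOME down to the key file and report each path that is missing
# or writable by group/others (what StrictModes rejects). Ownership is not
# checked here; RELATIVE_KEY_FILE must be a plain relative path.
check_key_path() {  # usage: check_key_path HOME RELATIVE_KEY_FILE
    bad=0; p=$1
    for part in "" $(printf '%s' "$2" | tr '/' ' '); do
        [ -n "$part" ] && p="$p/$part"
        if [ ! -e "$p" ]; then
            echo "MISSING $p"; bad=1
        elif [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "GROUP/OTHER-WRITABLE $p"; bad=1
        fi
    done
    return $bad
}

# Constructed scenario: key installed under .ssh2 with 700/600 modes while
# sshd_config points at .ssh/authorized_keys.
demo() {
    t=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample' 'Protocol 2' \
        'AuthorizedKeysFile .ssh/authorized_keys' > "$t/sshd_config"
    mkdir -p "$t/home/.ssh2" && chmod 755 "$t/home" && chmod 700 "$t/home/.ssh2"
    : > "$t/home/.ssh2/authorized_keys" && chmod 600 "$t/home/.ssh2/authorized_keys"
    rel=$(sshd_opt "$t/sshd_config" AuthorizedKeysFile .ssh/authorized_keys)
    echo "Protocol:           $(sshd_opt "$t/sshd_config" Protocol '(not set)')"
    echo "AuthorizedKeysFile: $rel"
    check_key_path "$t/home" "$rel" || echo "=> sshd will not accept a key from here"
    rm -rf "$t"
}
demo
```

On a real host, call `sshd_opt /etc/ssh/sshd_config AuthorizedKeysFile .ssh/authorized_keys` and pass the result with the user's home directory to `check_key_path`.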

More information about the freebsd-hackers mailing list