SSH Problem
Corne Kotze
cornek at striata.com
Mon Dec 22 01:22:11 PST 2008
Hi Eygene,
Thank for the reply.
Sorry for the ignorance, but I should have added this as well.
I am running apart from other things, a secure ftp server on this box as
well that chroot the users to their home directories.
I got the setup information from the following link:
http://www.bsdguides.org/guides/freebsd/security/sftp_chroot_users.php
Setting the "rc.conf" file to:
sshd_enable="YES"
sshd2_enable="NO"
Then my sftp setup does not work properly, unless I am missing something
that I can set in the "/etc/ssh/sshd_config" file.
Thanks again.
CK
On Mon, 2008-12-22 at 11:58 +0300, Eygene Ryabinkin wrote:
> Corne, good day.
>
> Mon, Dec 22, 2008 at 10:22:39AM +0200, Corne Kotze wrote:
> > The issue I have, hope somebody can help me, is with ssh security keys,
> > no matter if I use RSA or DSA keys with or without passwords, I still
> > have to login with a password to my FreeBSD server.
> > It is between a Linux server(Client server) and my FreeBSD server.
> >
> > My setups are as follows:
> > >From client server:
> > Linux nagios-server 2.6.23-hardened-r4 #1 SMP
> > OpenSSH_4.7p1, OpenSSL 0.9.8g 19 Oct 2007
> >
> >
> > To FreeBSD server:
> > FreeBSD secure-server 6.1-RELEASE-p17 FreeBSD 6.1-RELEASE-p17 #0: Fri
> > May 25 19:54:30 IST 2007
> > root at secure-server:/usr/obj/usr/src/sys/SECURESRV-SMP i386
> > OpenSSH_4.2p1 FreeBSD-20050903, OpenSSL 0.9.7e-p1 25 Oct 2004
> >
> > In my "/etc/rc.conf":
> > sshd_enable="NO"
> > sshd2_enable="YES"
>
> There is no 'sshd2_enable' knob, there is only 'sshd_enable' one.
> The protocols (and other stuff) are configured in /etc/ssh/sshd_config.
>
> > I have tried the public key in various directories, in the users home
> > directory, ie.
> > .ssh/authorized_keys
> > .ssh/authorized_keys2
> >
> > .ssh2/authorized_keys
> > .ssh2/authorized_keys2
>
> This is also governed by host's sshd_config: by-default, .ssh/authorized_keys
> are used:
> -----
> AuthorizedKeysFile .ssh/authorized_keys
> -----
>
> > Permissions are set to 700 for the .ssh(2) directories and 600 for the
> > authorized_keys(2) files.
>
> That's fine.
>
> > User and group access are also correct, and connection from the client
> > machine is also with the correct user.
>
> > If I change to the following in my "/etc/rc.conf" file:
> > sshd_enable="YES"
> > sshd2_enable="NO"
> >
> > Restart sshd, the keys work fine, no issues, I connect 100% without
> > having to type any passwords.
>
> Yes, it is expected. Forget about sshd2_enable -- 'man sshd_config' is
> your friend. And if you're trying to enable only SSHv2, then the
> default configuration of OpenSSH should be fine to you -- it allows only
> v2 since ages. For your 6.1 only v2 should allowed by-default, but you
> can explicitely state it in /etc/ssh/sshd_config, just to be sure.
Corne Kotze
Systems Administrator
Striata messaging innovation
E: corne.kotze at za.striata.com
T: +27 11 530 9600
F: +27 11 447 9122
This email and all contents are subject to the following disclaimer:
http://www.striata.com/_disclaimer/
More information about the freebsd-hackers
mailing list