RSA/DSA authentication

Erik Richards erikr at magnetsusa.com
Thu Dec 7 09:42:26 PST 2006


Greetings,

I'm not sure if this is the right place for this or the security mailing list,
but I am extremely confused by RSA/DSA authentication and using it with OpenSSH.  
My current setup is that I have a FreeBSD box at home acting as a firewall/gateway/webserver.
I'd like to access it from work using PuTTY on Windows 2000.  Right now I have password
authentication with a good strong username/password, Denyhosts and I feel safe.  I just wanted
to try a little extra security (for kicks) so I started reading and implementing RSA.
Well now after reading what there was in the handbook, freebsddiary, and a really
nice article about it on IBM I have no idea how to get this to work and am just
a little frustrated. I believe I'm getting messed up on the public and private key
and where they should go on the computer I'm trying to connect to or connect from?
I used ssh-keygen and PuTTY to generate a key (RSA w/passphrase) and both times I've gotten
neither to work from what I've been able to tell.

One time I was close and got something saying that my key's permissions had to be changed
because they were too open so I fixed that warning and then it said that my key was accepted
and I entered my passphrase. But then just to play around I removed my key (wanted to see
if it wouldn't let me connect).  It did and asked for my password not passphrase. What I was
hoping for was that the server would see that I didn't have a key and deny my access but
sadly it didn't.

Now I'm editing some of my /etc/ssh/sshd_config file like uncommenting:
(correct? I shouldn't be editing /etc/ssh/ssh_config?)

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      /root/.ssh/authorized_keys
(I did rename the key I was using to this and made sure it was all on one line)

PasswordAuthentication no

but I still don't have anything working.  I've restarted sshd by doing:

/etc/rc.d/sshd restart

each time as well. Am I wrong to assume the server should deny
me access if I don't have the key or is using RSA/DSA authentication just to assure
myself that I'm actually connecting to my server and not some other person's trying
to get my passwords?

Thank you for reading this mess, as you can tell I'm pretty bewildered.

Erik
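
An added example, not part of the original message: a small audit of the sshd_config lines quoted above, reporting which settings would still let the server offer something other than a key. The default values and the commented-out ChallengeResponseAuthentication line are assumptions (defaults as documented in sshd_config(5) for OpenSSH of that period); the function names are hypothetical.

```python
# Added example; not from the original post.
# Assumption: defaults as documented in sshd_config(5) for OpenSSH of that period.
DEFAULTS = {
    "pubkeyauthentication": "yes",
    "passwordauthentication": "yes",
    "challengeresponseauthentication": "yes",
}

# Constructed sample: the four lines quoted in the post, plus a commented-out
# ChallengeResponseAuthentication line (assumed; the post does not show it).
SAMPLE = """\
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      /root/.ssh/authorized_keys
PasswordAuthentication no
#ChallengeResponseAuthentication no
"""

def effective_settings(config_text):
    """Global keyword -> value. sshd keeps the first value it reads per keyword."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank and commented lines leave the default in force
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key == "match":
            break  # conditional blocks are not global settings
        seen.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return seen

def audit(config_text):
    """Return findings that keep a server from being key-only."""
    s = {**DEFAULTS, **effective_settings(config_text)}
    findings = []
    if s["pubkeyauthentication"].lower() != "yes":
        findings.append("pubkey-disabled")
    if s["passwordauthentication"].lower() != "no":
        findings.append("password-enabled")
    if s["challengeresponseauthentication"].lower() != "no":
        findings.append("challenge-response-enabled")
    akf = s.get("authorizedkeysfile", "")
    if akf.startswith("/") and "%" not in akf:
        findings.append("authorizedkeysfile-same-for-all-users")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

An empty result means only public-key authentication is left enabled in the global section; Match blocks are not evaluated.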

