SSH with Public Key Authentication (Was: Re: Attention: Giorgos Keramidas (Was: CVS Import Permissions))

Wed Feb 1 15:30:47 PST 2006

On Tue, 31 Jan 2006 11:41:35 +0200, "Giorgos Keramidas"
<keramida at ceid.upatras.gr> said:
> > Giorgos,
> >
> > Thanks very much for replying! I wasn't aware of this environment
> > variable (even though I spent quite a while on this problem). Using
> > CVSUMASK certainly works when working on the server machine!
> >
> > We are currently using a pserver installation, with developers using
> > windows machines. We need a way to achieve the same effect with a user on
> > a windows machine doing an import. Do you have any idea how this can be
> > done? Thank you!
> 
> I'm not sure.  I know that the setting of CVSUMASK on the server machine
> works if you use SSH tunneling though.  If it's not too much trouble, you
> can set up SSH-based authentication instead of :pserver: and make sure
> the
> .bashrc or .cshrc of the developers on the server machine sets CVSUMASK
> correctly.
> 
> SSH-tunneled CVS is what the FreeBSD project uses in the official CVS
> repository, so I guess this setup works as expected :)

Giorgos,

Thanks again for taking the time to reply. I have tried using SSH in
the past, and got stuck setting up the public key login (that's 
why we're using pserver).

I spent a few hours yesterday trying to get SSH going again. I can
login with SSH from the windows machine using Putty, but only when
I use password authentication. In order to use cvs with ssh (using
the plink program in Putty), we must use public key authentication.

We are getting a 'Key Refused' error when trying to use public key
authentication. I have tried doing several things including editing
the /etc/ssh/sshd_config file:

PubkeyAuthentication yes 
AuthorizedKeysFile      .ssh/authorized_keys

We also had to make these changes in order to get password based 
ssh to work:

UsePAM no
PermitRootLogin yes 

We also tried putting the public key into various files:
.ssh/authorized_keys
.ssh/authorized_keys2
.ssh2/authorized_keys
.ssh2/authorized_keys2

(and made sure they are not group/world writable. The keys are 
SSH2 DSA 1024 bits)

I tried looking in the /var/log/auth.log file, and what I'm seeing
is:

Feb  2 10:19:26 mail1 sshd2[15343]: connection from "xxx.xx.xxx.x" 
Feb  2 10:19:26 mail1 sshd2[15344]: WARNING: DNS lookup failed for
"xxx.xx.xxx.\
x". 
Feb  2 10:19:29 mail1 sshd2[15344]: Local disconnected: Connection
closed. 
Feb  2 10:19:29 mail1 sshd2[15344]: connection lost: 'Connection
closed.' 

(I set "LogLevel DEBUG3" in sshd_config. I don't think the DNS
error is relevant, because password based ssh is working. But
I could wrong. What do you think?)

Do you have any idea where I can look to find out why the key is
being refused? Are there any other logfiles other than auth.log
that could give a clue to what's going wrong? Thanks!

Regards,

DB
-- 
  david bryce
  davidbryce at fastmail.fm

-- 
http://www.fastmail.fm - A fast, anti-spam email service.