**questions** ssh w/ rsa certs not working
Gabriel Rossetti
rossettigab at charter.net
Wed Jan 24 23:33:51 UTC 2007
Matt Ruzicka wrote:
> On Wed, 24 Jan 2007, Gabriel Rossetti wrote:
>
>> The user needing to log in is root (I know this is not good and
>> turned off by default), so I re-enabled root login with ssh but like
>> I said above, I get a password
>> prompt when I do : ssh -l root machine2 whoami
>
>
> Not sure if there is more going on as well, but you might want to set
> PermitRootLogin without-password in your sshd_config on the server you
> are trying to access. This /should/ give you a bit more security in
> that someone won't be able to brute force your root password if I
> understand it, but will allow you to login using the sshd keys (if
> they are set up properly). Might also check file and directory perms
> on .ssh and the different key and authorized_keys2 files involved if
> you haven't already, seems perms often bite me..
>
I have rwx for user and nothing for group and others. Thanks for the
safety tip, I'll do that. I added the -v param to ssh and I found this:

debug1: Remote: Your host 'machine2' is not permitted to use this key for login.

After playing around with it I found two problems:

1) FreeBSD uses ~/.ssh/authorized_keys and not ~/.ssh/authorized_keys2
like Linux
2) I had put:

from="machine1" ssh-rsa [base64 key, eg: ABwBCEAIIALyoqa8....]

to limit from where I can log in, in my ~/.ssh/authorized_keys and it
doesn't seem to like that (from="machine1")

Any ideas why it doesn't like the 2nd point?

Thanks,
Gabriel
> Matt Ruzicka - Senior Systems Administrator
> FRII
> 970-212-0728 matt at frii.net
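
Added example, not part of the original message: sshd checks a from= pattern list against the hostname or IP address it sees for the connecting client, so a short alias only matches if that is the name the server resolves. The Python sketch below is a simplified model of that check (wildcards and ! negation, no CIDR); the host names, address and key string are constructed.

```python
import re

# Constructed sample key field; not a real key.
KEY = "ssh-rsa AAAAB3NzaC1yc2E-constructed-placeholder root@machine1"

def split_options(line):
    """Return (options, rest); options end at the first space outside quotes."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"' and (i == 0 or line[i - 1] != "\\"):
            in_quotes = not in_quotes
        elif ch in " \t" and not in_quotes:
            return line[:i], line[i:].strip()
    return line, ""

def from_patterns(line):
    """Pattern list of a from="..." option, or None when the key has none."""
    opts, _ = split_options(line.strip())
    m = re.search(r'(?:^|,)from="([^"]*)"', opts, re.IGNORECASE)
    return m.group(1).split(",") if m else None

def glob_match(pattern, value):
    """'*' matches any run of characters, '?' exactly one; rest is literal."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern.lower())
    return re.fullmatch(rx, value.lower()) is not None

def match_list(patterns, value):
    """1 = positive match, 0 = no match, -1 = a negated (!) pattern matched."""
    result = 0
    for p in patterns:
        negated = p.startswith("!")
        if glob_match(p[1:] if negated else p, value):
            if negated:
                return -1
            result = 1
    return result

def key_permitted(line, client_host, client_ip):
    """Simplified model: allow if name or address matches and nothing is negated."""
    patterns = from_patterns(line)
    if patterns is None:
        return True  # no from= restriction on this key
    results = (match_list(patterns, client_host), match_list(patterns, client_ip))
    return -1 not in results and 1 in results

if __name__ == "__main__":
    # Assumption: the server resolves the client to machine1.example.net / 192.0.2.10.
    for opt in ('from="machine1" ', 'from="machine1.example.net" ', 'from="192.0.2.*" ', ""):
        print(repr(opt), key_permitted(opt + KEY, "machine1.example.net", "192.0.2.10"))
```

Running ssh -v against the server, as in the message above, shows the name sshd used in its "not permitted to use this key" line; that name or the client's address is what the pattern has to cover.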