help configuring ssh pub keys instead of passwords
Brent
mrb at bmyster.com
Sat Mar 5 12:34:17 PST 2005
Thank you ...that worked ...
B
On Sat, 05 Mar 2005 14:21:27 -0500, greg at grokking.org wrote
> > so far i have done
> >
> > edit /etc/sshd_config
> >
> > Port 22
> > Protocol 2
> > PermitRootLogin no
> > MaxStartups 5:50:10
> > X11Forwarding no
> > PrintLastLog yes
> > SyslogFacility auth
> > LogLevel VERBOSE
> > PasswordAuthentication no
> > PermitEmptyPasswords no
> > Banner /etc/issue
> > AllowGroups sshusers <-- this exsists
> >
> > # create some group that you can put OpenSSH users into
> > Next, we'll open and edit /etc/ssh/ssh_config
> >
> > [user at server /dir]#vi /etc/ssh/ssh_config
> >
> > ForwardAgent no
> > ForwardX11 no
> > PasswordAuthentication no
> > CheckHostIP yes
> > Port 22
> > Protocol 2
> >
> > then i su to unpriv user and ran ssh-keygen -d
> >
> > then i did
> > cat id_dsa.pub > authorized_keys2
>
> make sure you have a line in /etc/ssh/sshd_config that points to
> this, like so:
>
> AuthorizedKeysFile .ssh/authorized_keys2
>
> If it's commented out that's okay (default) just make sure it's the
> same filename you've used!
>
> (Incidentally, on my 5.3 box it's set as .ssh/authorized_keys)
>
> >
> > then copy the id_dsa.pub to a floppy so that i could transfer the dsa key to
> > the machine from which id be accessing the unix box.
> >
>
> No, you need to put the PRIVATE key (id_dsa by default) on the
> client machines in the .ssh directory under each users' home dir.
> The PUBLIC key stays on the server in authorized_keys as you've done
> above. Make sure this key and the directory it's in is accessible
> only by the user you want.
>
> Hope that helps,
>
> G
>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
--
Brent Bailey CCNA
Bmyster LLC
Computer Networking and Webhosting
Network Engineer, Webmaster, President
http://www.bmyster.com
mrb at bmyster.com
207-490-5992
More information about the freebsd-questions
mailing list