SSH with Public Key Authentication (Was: Re: Attention: Giorgos
Keramidas (Was: CVS Import Permissions))
Daniel A.
ldrada at gmail.com
Wed Feb 1 16:05:01 PST 2006
Try one or more of the following things:
- Use puttygen to import your private key, and then export as .ppk
- Load your key.ppk into pageant, and let it manage your private key(s)
- Log in using your private key from the server (ie. login to the
server with your password, and then from the shell ssh
username at localhost).
Please inform me of your results.
On 2/2/06, david bryce <davidbryce at fastmail.fm> wrote:
> On Tue, 31 Jan 2006 11:41:35 +0200, "Giorgos Keramidas"
> <keramida at ceid.upatras.gr> said:
> > > Giorgos,
> > >
> > > Thanks very much for replying! I wasn't aware of this environment
> > > variable (even though I spent quite a while on this problem). Using
> > > CVSUMASK certainly works when working on the server machine!
> > >
> > > We are currently using a pserver installation, with developers using
> > > windows machines. We need a way to achieve the same effect with a user on
> > > a windows machine doing an import. Do you have any idea how this can be
> > > done? Thank you!
> >
> > I'm not sure. I know that the setting of CVSUMASK on the server machine
> > works if you use SSH tunneling though. If it's not too much trouble, you
> > can set up SSH-based authentication instead of :pserver: and make sure
> > the
> > .bashrc or .cshrc of the developers on the server machine sets CVSUMASK
> > correctly.
> >
> > SSH-tunneled CVS is what the FreeBSD project uses in the official CVS
> > repository, so I guess this setup works as expected :)
>
> Giorgos,
>
> Thanks again for taking the time to reply. I have tried using SSH in
> the past, and got stuck setting up the public key login (that's
> why we're using pserver).
>
> I spent a few hours yesterday trying to get SSH going again. I can
> login with SSH from the windows machine using Putty, but only when
> I use password authentication. In order to use cvs with ssh (using
> the plink program in Putty), we must use public key authentication.
>
> We are getting a 'Key Refused' error when trying to use public key
> authentication. I have tried doing several things including editing
> the /etc/ssh/sshd_config file:
>
> PubkeyAuthentication yes
> AuthorizedKeysFile .ssh/authorized_keys
>
> We also had to make these changes in order to get password based
> ssh to work:
>
> UsePAM no
> PermitRootLogin yes
>
> We also tried putting the public key into various files:
> .ssh/authorized_keys
> .ssh/authorized_keys2
> .ssh2/authorized_keys
> .ssh2/authorized_keys2
>
> (and made sure they are not group/world writable. The keys are
> SSH2 DSA 1024 bits)
>
> I tried looking in the /var/log/auth.log file, and what I'm seeing
> is:
>
> Feb 2 10:19:26 mail1 sshd2[15343]: connection from "xxx.xx.xxx.x"
> Feb 2 10:19:26 mail1 sshd2[15344]: WARNING: DNS lookup failed for
> "xxx.xx.xxx.\
> x".
> Feb 2 10:19:29 mail1 sshd2[15344]: Local disconnected: Connection
> closed.
> Feb 2 10:19:29 mail1 sshd2[15344]: connection lost: 'Connection
> closed.'
>
> (I set "LogLevel DEBUG3" in sshd_config. I don't think the DNS
> error is relevant, because password based ssh is working. But
> I could wrong. What do you think?)
>
> Do you have any idea where I can look to find out why the key is
> being refused? Are there any other logfiles other than auth.log
> that could give a clue to what's going wrong? Thanks!
>
> Regards,
>
> DB
> --
> david bryce
> davidbryce at fastmail.fm
>
> --
> http://www.fastmail.fm - A fast, anti-spam email service.
>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>
More information about the freebsd-questions
mailing list