**questions** ssh w/ rsa certs not working

Gabriel Rossetti rossettigab at charter.net
Wed Jan 24 23:33:51 UTC 2007

Matt Ruzicka wrote:
> On Wed, 24 Jan 2007, Gabriel Rossetti wrote:
>> The user needing to log in is root (I know this is not good and 
>> turned off by default), so I re-enabled root login with ssh but like 
>> I said above, I get a password
>> prompt when I do : ssh -l root machine2 whoami
> Not sure if there is more going on as well, but you might want to set 
> PermitRootLogin without-password in your sshd_config on the server you 
> are trying to access.  This /should/ give you a bit more security in 
> that someone won't be able to brute force your root password if I 
> understand it, but will allow you to login using the sshd keys (if 
> they are set up properly).  Might also check file and directory perms 
> on .ssh and the different key and authorized_keys2 files involved if 
> you haven't already, seems perms often bite me..
I have rwx for user and nothing for group and others. Thanks for the 
safety tip, I'll do that. I added the -v param to ssh and I found this :

debug1: Remote: Your host 'machine2' is not permitted to use this key 
for login.

after playing around with it I found two problems :

1) FreeBSD uses ~/.ssh/authorized_keys and not ~/.ssh/authorized_keys2 
like linux

2) I had put :

 from="machine1" ssh-rsa [base64 key, eg: ABwBCEAIIALyoqa8....]

to limit from where I can login, in my ~/.ssh/authorized_keys and it 
doesn't seem to like that (from="machine1" )

any ideas why it doesn't like the 2nd point?


> Matt Ruzicka - Senior Systems Administrator
> 970-212-0728  matt at frii.net
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to 
> "freebsd-questions-unsubscribe at freebsd.org"

More information about the freebsd-questions mailing list