
Re: Debian default ssh configuration problem with public/private key checking

From: - Tong - <mlist4suntong(at)yahoo.com>
Date: Sat Jun 23 2007 - 10:39:44 EDT


Thanks for the response, Andrew,

On Fri, 22 Jun 2007 13:50:17 -0700, Andrew Sackville-West wrote:

>> I'm trying to setup Debian to accept my remote ssh
>> login. No problem with that, but I'm facing a
>> configuration problem: 
>> 
>> It doesn't seem to be able to handle/accept the public/private key
>> checking, i.e., what sourceforge.net is doing [1], but insists on checking
>> login password [2], which is not a recommended practice.
>> 
>> This is a vanilla sshd configuration. I.e., everything from Debian default. 
>> What changes should I make to enable the public/private key Authentication?

>
> from /etc/ssh/sshd_config:
>
> RSAAuthentication yes
> PubkeyAuthentication yes
>
> [....]
>
> # To enable empty passwords, change to yes (NOT RECOMMENDED)
> PermitEmptyPasswords no
>
> # Change to no to disable s/key passwords
> ChallengeResponseAuthentication no
>
> # Change to yes to enable tunnelled clear text passwords
> PasswordAuthentication no

I didn't have the PubkeyAuthentication; the man page says it is yes by default. But I added it all the same. Here is my current config, without disabling the PasswordAuthentication yet:



% grep -E1 '^RSAAuthentication|PubkeyAuthentication|PermitEmptyPasswords|ChallengeResponseAuthentication|^PasswordAuthentication' /etc/ssh/sshd_config #
RSAAuthentication yes
PubkeyAuthentication yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no

# Uncomment to disable s/key passwords
#ChallengeResponseAuthentication no


Here is how I tested:
(would testing locally be ok?)



# make changes to /etc/ssh/sshd_config, adding PubkeyAuthentication
/etc/init.d/ssh restart

ssh-copy-id -i ~/.ssh/id_rsa.pub tong@localhost

$ ssh -v localhost
OpenSSH_4.3p2 Debian-9, OpenSSL 0.9.8c 05 Sep 2006

debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Remote protocol version 1.99, remote software version OpenSSH_4.3p2 Debian-9
debug1: match: OpenSSH_4.3p2 Debian-9 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3p2 Debian-9
[...]
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /home/tong/.ssh/known_hosts:19
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /home/tong/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering public key: /home/tong/.ssh/id_dsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
Password:

Is anything else wrong?
Hmm, why "Remote protocol version 1.99", instead of 2? Ah, never mind, sourceforge.net says the same thing too. BTW, it is still using v3.9p1.

-- 
Tong (remove underscore(s) to reply)
  
http://xpt.sf.net/techdocs/
  
http://xpt.sf.net/tools/


Received on Sat Jun 23 10:41:27 2007

This archive was generated by hypermail 2.1.8 : Sat Jun 23 2007 - 10:50:02 EDT
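
One way to read the `ssh -v` trace in the message above, added here as an example and not part of the original post. It assumes the debug message wording of the OpenSSH 4.3 client shown in the trace; the function names `summarize_auth` and `diagnose` are made up for the illustration, and the sample input is constructed from the lines quoted in the post.

```python
import re

# Constructed sample: the authentication lines from the `ssh -v` run in the post.
SAMPLE = """\
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /home/tong/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering public key: /home/tong/.ssh/id_dsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
"""

def summarize_auth(debug_text):
    """Return the methods the server advertised, the methods the client
    tried, and the outcome of every public key the client offered."""
    advertised, tried, keys = [], [], {}
    pending = None  # key offered, server has not answered yet
    for line in debug_text.splitlines():
        msg = re.sub(r"^debug\d+:\s*", "", line.strip())
        head, _, rest = msg.partition(":")
        rest = rest.strip()
        if head == "Authentications that can continue":
            advertised = advertised or rest.split(",")
            if pending:  # the server moved on without accepting the key
                keys[pending] = "rejected"
                pending = None
        elif head == "Offering public key":
            pending = rest
            keys[pending] = "unanswered"
        elif head == "Server accepts key" and pending:
            keys[pending] = "accepted"
            pending = None
        elif head == "Next authentication method":
            tried.append(rest)
    return {"advertised": advertised, "tried": tried, "keys": keys}

def diagnose(summary):
    """Turn the summary into a one-line reading of where the login stalled."""
    if "publickey" not in summary["advertised"]:
        return "server does not advertise publickey"
    if not summary["keys"]:
        return "client offered no keys"
    if "accepted" in summary["keys"].values():
        return "server accepted a key"
    return "server advertises publickey but rejected every key offered"

if __name__ == "__main__":
    print(diagnose(summarize_auth(SAMPLE)))
```

On the trace from the post this reports that the server advertises publickey but rejected both id_rsa and id_dsa, so public key authentication is switched on in sshd and the refusal concerns the offered keys themselves.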

