|
|
| Applications |
| Mailing Lists |
| Miscellaneous |
| Operating Systems |
| Programming |
Re: Debian default ssh configuration problem with public/private key checking
Date: Sun Jun 24 2007 - 23:43:34 EDT
On Sat, Jun 23, 2007 at 02:39:44PM +0000, - Tong - wrote:
> Thanks for the respond Andrew,
>
> On Fri, 22 Jun 2007 13:50:17 -0700, Andrew Sackville-West wrote:
>
> >> I'm trying to setup Debian to accept my remote ssh
> >> login. No problem with that, but I'm facing a
> >> configuration problem:
> >>
> >> It doesn't seem to be able to handle/accept the public/private key
> >> checking, i.e.,what sourceforge.net is doing [1], but insists on checking
> >> login password [2], which is not a recommended practice.
> >>
> >> This is a vanilla sshd configuration. I.e., everything from Debian default.
> >> What changes should I make to enable the public/private key Authentication?
> >
> > from /etc/ssh/sshd_config:
> >
> > RSAAuthentication yes
> > PubkeyAuthentication yes
> >
> > [....]
> >
> > # To enable empty passwords, change to yes (NOT RECOMMENDED)
> > PermitEmptyPasswords no
> >
> > # Change to no to disable s/key passwords
> > ChallengeResponseAuthentication no
> >
> > # Change to yes to enable tunnelled clear text passwords
> > PasswordAuthentication no
>
> I didn't have the PubkeyAuthentication, the man page says it is yes by
> default. But I added all the same. Here is my current config, without
> disabling the PasswordAuthentication yet:
>
> -------------------------------------------------
> % grep -E1
> '^RSAAuthentication|PubkeyAuthentication|PermitEmptyPasswords|ChallengeResponseAuthentication|^PasswordAuthentication'
> /etc/ssh/sshd_config #
> RSAAuthentication yes
> PubkeyAuthentication yes
>
> # To disable tunneled clear text passwords, change to no here!
> PasswordAuthentication yes
> PermitEmptyPasswords no
>
> # Uncomment to disable s/key passwords
> #ChallengeResponseAuthentication no
> -------------------------------------------------
>
> Here is how I tested:
> (would testing locally be ok?)
I've done it successfully to other accounts on the localhost, but I don't know about your own accoutn, maybe that causes a problem?
>
> -------------------------------------------------
> # make changes to /etc/ssh/sshd_config, adding PubkeyAuthentication
> /etc/init.d/ssh restart
>
> ssh-copy-id -i ~/.ssh/id_rsa.pub tong@localhost
did you get some output from this command?
>
> $ ssh -v localhost
our results are the same to here:
...
> debug1: Next authentication method: publickey
> debug1: Offering public key: /home/tong/.ssh/id_rsa
and then mine just works:
...
debug1: Next authentication method: publickey debug1: Trying private key: /home/andrew/.ssh/identity debug1: Offering public key: /home/andrew/.ssh/id_rsa debug1: Server accepts key: pkalg ssh-rsa blen 277 debug1: read PEM private key done: type RSA debug1: Authentication succeeded (publickey). debug1: channel 0: new [client-session] debug1: Entering interactive session. debug1: Sending environment. debug1: Sending env LANG = en_US.UTF-8
>
> Anything else is wrong?
without seeing some output from ssh-copy-id above or some confirmation that the command acutally did something, I'd guess that was the problem...
or perhaps something else in sshd_config or in a local ssh config (something in ~/.ssh/ somewhere)
> hmm, why "Remote protocol version 1.99", instead of 2? Ah, never mind,
> sourceforge.net says the same thing too. BTW, it is still using v3.9p1.
I don't think the versions are the issue. pubkey authentication has worked for a long time...
A
-- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.orgReceived on Sun Jun 24 23:44:21 2007
- application/pgp-signature attachment: Digital signature
This archive was generated by hypermail 2.1.8 : Sun Jun 24 2007 - 23:50:02 EDT
|
Contact Us Legal Notices Order Services Online Pantek Home Privacy Policy IT news Site Map Pantek Library |