From owner-freebsd-questions@FreeBSD.ORG Sat Mar 5 20:34:17 2005
From: "Brent"
To: "greg@grokking.org", freebsd-questions@freebsd.org
Date: Sat, 5 Mar 2005 15:40:31 -0500
Message-Id: <20050305204003.M42739@bmyster.com>
In-Reply-To: <422A06B7.9060007@grokking.org>
References: <20050305181134.M99248@bmyster.com> <422A06B7.9060007@grokking.org>
Subject: Re: help configuring ssh pub keys instead of passwords
Reply-To: mrb@bmyster.com

Thank you ...that worked ...
B

On Sat, 05 Mar 2005 14:21:27 -0500, greg@grokking.org wrote
> > so far i have done
> >
> > edit /etc/sshd_config
> >
> > Port 22
> > Protocol 2
> > PermitRootLogin no
> > MaxStartups 5:50:10
> > X11Forwarding no
> > PrintLastLog yes
> > SyslogFacility auth
> > LogLevel VERBOSE
> > PasswordAuthentication no
> > PermitEmptyPasswords no
> > Banner /etc/issue
> > AllowGroups sshusers <-- this exists
> >
> > # create some group that you can put OpenSSH users into
> > Next, we'll open and edit /etc/ssh/ssh_config
> >
> > [user@server /dir]#vi /etc/ssh/ssh_config
> >
> > ForwardAgent no
> > ForwardX11 no
> > PasswordAuthentication no
> > CheckHostIP yes
> > Port 22
> > Protocol 2
> >
> > then i su to unpriv user and ran ssh-keygen -d
> >
> > then i did
> > cat id_dsa.pub > authorized_keys2
>
> make sure you have a line in /etc/ssh/sshd_config that points to
> this, like so:
>
> AuthorizedKeysFile .ssh/authorized_keys2
>
> If it's commented out that's okay (default) just make sure it's the
> same filename you've used!
>
> (Incidentally, on my 5.3 box it's set as .ssh/authorized_keys)
>
> >
> > then copy the id_dsa.pub to a floppy so that i could transfer the dsa key to
> > the machine from which id be accessing the unix box.
> >
>
> No, you need to put the PRIVATE key (id_dsa by default) on the
> client machines in the .ssh directory under each users' home dir.
> The PUBLIC key stays on the server in authorized_keys as you've done
> above. Make sure this key and the directory it's in is accessible
> only by the user you want.
>
> Hope that helps,
>
> G

--
Brent Bailey CCNA
Bmyster LLC
Computer Networking and Webhosting
Network Engineer, Webmaster, President
http://www.bmyster.com
mrb@bmyster.com
207-490-5992
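
Added example, not part of the thread: a POSIX sh check of the server-side points the reply raises (AuthorizedKeysFile naming the file the key was actually written to, and the key file and its directory being accessible only by the user), plus the PasswordAuthentication no setting from the posted config. The function names, the constructed demo tree and the placeholder key line are assumptions of this example; the fallback of .ssh/authorized_keys is the value the reply reports for a 5.3 box.

```shell
#!/bin/sh
# Added example, not from the thread. Audits the server-side pieces the reply
# points at. Handles only AuthorizedKeysFile values relative to the home dir.

# Effective value of an sshd_config keyword: first uncommented match wins.
sshd_setting() {    # usage: sshd_setting <config> <Keyword>
    awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# True when group and other have no permission bits on the path.
owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Prints one line per problem; exit status 0 only when nothing was found.
audit_pubkey_setup() {    # usage: audit_pubkey_setup <sshd_config> <home>
    cfg=$1; home=$2; bad=0
    keyfile=$(sshd_setting "$cfg" AuthorizedKeysFile)
    # Assumption: unset means .ssh/authorized_keys, as on the reply's 5.3 box.
    [ -n "$keyfile" ] || keyfile=.ssh/authorized_keys
    if [ ! -s "$home/$keyfile" ]; then
        echo "MISSING $keyfile: sshd looks here, but no keys are present"; bad=1
    elif ! owner_only "$home/$keyfile"; then
        echo "PERMS $keyfile: readable or writable by group/other"; bad=1
    fi
    dir=$(dirname "$home/$keyfile")
    if [ -d "$dir" ] && ! owner_only "$dir"; then
        echo "PERMS $(dirname "$keyfile"): directory open to group/other"; bad=1
    fi
    if [ "$(sshd_setting "$cfg" PasswordAuthentication)" != no ]; then
        echo "CONFIG PasswordAuthentication is not 'no'"; bad=1
    fi
    return $bad
}

# Constructed demo: the thread's situation (key saved as authorized_keys2,
# config left at its default), then the same tree after adding the directive.
demo() {
    t=$(mktemp -d) && mkdir -m 700 "$t/.ssh"
    echo "ssh-dss AAAAexample user@client" > "$t/.ssh/authorized_keys2"  # placeholder
    chmod 600 "$t/.ssh/authorized_keys2"
    printf 'Protocol 2\nPasswordAuthentication no\n' > "$t/sshd_config"
    echo "before:"; audit_pubkey_setup "$t/sshd_config" "$t" || echo "(problems above)"
    echo "AuthorizedKeysFile .ssh/authorized_keys2" >> "$t/sshd_config"
    echo "after:"; audit_pubkey_setup "$t/sshd_config" "$t" && echo "no problems"
    rm -rf "$t"
}
demo
```

On a real host the arguments would be /etc/ssh/sshd_config and the account's home directory, run as a user able to read both.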