Date:      Mon, 22 Dec 2008 11:58:56 +0300
From:      Eygene Ryabinkin <rea-fbsd@codelabs.ru>
To:        Corne Kotze <cornek@striata.com>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: SSH Problem
Message-ID:  <dnoAcoCUUpmRgsgANBLPZChMEB8@TVy1gMAmSsiP9GTg//ziIjLy%2Bsk>
In-Reply-To: <1229934159.8928.20.camel@jackal>
References:  <1229934159.8928.20.camel@jackal>


Corne, good day.

Mon, Dec 22, 2008 at 10:22:39AM +0200, Corne Kotze wrote:
> The issue I have, hope somebody can help me, is with ssh security keys,
> no matter if I use RSA or DSA keys with or without passwords, I still
> have to login with a password to my FreeBSD server.
> It is between a Linux server(Client server) and my FreeBSD server.
>
> My setups are as follows:
> From client server:
> Linux nagios-server 2.6.23-hardened-r4 #1 SMP
> OpenSSH_4.7p1, OpenSSL 0.9.8g 19 Oct 2007
>
>
> To FreeBSD server:
> FreeBSD secure-server 6.1-RELEASE-p17 FreeBSD 6.1-RELEASE-p17 #0: Fri
> May 25 19:54:30 IST 2007
> root@secure-server:/usr/obj/usr/src/sys/SECURESRV-SMP  i386
> OpenSSH_4.2p1 FreeBSD-20050903, OpenSSL 0.9.7e-p1 25 Oct 2004
>
> In my "/etc/rc.conf":
> sshd_enable="NO"
> sshd2_enable="YES"

There is no 'sshd2_enable' knob; there is only the 'sshd_enable' one.
The protocols (and other stuff) are configured in /etc/ssh/sshd_config.

> I have tried the public key in various directories, in the user's home
> directory, i.e.
> .ssh/authorized_keys
> .ssh/authorized_keys2
>
> .ssh2/authorized_keys
> .ssh2/authorized_keys2

This is also governed by the host's sshd_config: by default,
.ssh/authorized_keys is used:
-----
AuthorizedKeysFile     .ssh/authorized_keys
-----

> Permissions are set to 700 for the .ssh(2) directories and 600 for the
> authorized_keys(2) files.

That's fine.

> User and group access are also correct, and connection from the client
> machine is also with the correct user.

> If I change to the following in my "/etc/rc.conf" file:
> sshd_enable="YES"
> sshd2_enable="NO"
>
> Restart sshd, the keys work fine, no issues, I connect 100% without
> having to type any passwords.

Yes, it is expected.  Forget about sshd2_enable -- 'man sshd_config' is
your friend.  And if you're trying to enable only SSHv2, then the
default configuration of OpenSSH should be fine for you -- it has allowed
only v2 for ages.  For your 6.1 only v2 should be allowed by default, but
you can explicitly state it in /etc/ssh/sshd_config, just to be sure.
-- 
Eygene
 _                ___       _.--.   #
 \`.|\..----...-'`   `-._.-'_.-'`   #  Remember that it is hard
 /  ' `         ,       __.--'      #  to read the on-line manual
 )/' _/     \   `-_,   /            #  while single-stepping the kernel.
 `-'" `"\_  ,_.-;_.-\_ ',  fsc/as   #
     _.-'_./   {_.'   ; /           #    -- FreeBSD Developers handbook
    {_.-``-'         {_/            #
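
A server-side check for the points raised in the reply above, as an added example that is not part of the original message: it resolves which file AuthorizedKeysFile names in a given sshd_config (falling back to the default quoted above), reports any Protocol line, and flags a home directory, key directory or key file that is writable by group or others. The function names are hypothetical, and only the first listed key file and the %h token are handled.

```shell
#!/bin/sh
# Added example (not from the original message): report which key file sshd
# will read and whether anything on its path is writable by group or others.

# First global value of a keyword in sshd_config (the first value wins);
# keywords are case-insensitive, commented-out lines never match.
sshd_value() {  # $1 = config file, $2 = keyword
    awk -v k="$2" '
        tolower($1) == "match"    { exit }          # ignore Match blocks
        tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# Resolve AuthorizedKeysFile for a home directory. Assumption: only the
# first listed file and the %h token are handled.
keys_path() {  # $1 = config file, $2 = home directory
    f=$(sshd_value "$1" AuthorizedKeysFile)
    [ -n "$f" ] || f=.ssh/authorized_keys           # default, as in the reply
    case $f in
        %h/*) printf '%s\n' "$2/${f#"%h/"}" ;;
        /*)   printf '%s\n' "$f" ;;
        *)    printf '%s\n' "$2/$f" ;;
    esac
}

# Print one line per finding; return 1 if any path is missing or writable
# by group/others (the 700/600 modes quoted in the thread pass this check).
check_pubkey_setup() {  # $1 = config file, $2 = home directory
    keys=$(keys_path "$1" "$2")
    proto=$(sshd_value "$1" Protocol)
    echo "keys_file=$keys"
    echo "protocol=${proto:-unset}"
    rc=0
    for p in "$2" "$(dirname "$keys")" "$keys"; do
        if [ ! -e "$p" ]; then
            echo "missing=$p"; rc=1
        elif [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "writable=$p"; rc=1
        fi
    done
    return $rc
}
```

Call it as `check_pubkey_setup /etc/ssh/sshd_config /home/user` on the server, with the home directory of the account that fails to log in with its key.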



