From: Eygene Ryabinkin
To: Corne Kotze
Cc: freebsd-hackers@freebsd.org
Date: Mon, 22 Dec 2008 11:58:56 +0300
Subject: Re: SSH Problem

Corne, good day.

Mon, Dec 22, 2008 at 10:22:39AM +0200, Corne Kotze wrote:
> The issue I have, hope somebody can help me, is with ssh security keys,
> no matter if I use RSA or DSA keys with or without passwords, I still
> have to login with a password to my FreeBSD server.
> It is between a Linux server(Client server) and my FreeBSD server.
>
> My setups are as follows:
> From client server:
> Linux nagios-server 2.6.23-hardened-r4 #1 SMP
> OpenSSH_4.7p1, OpenSSL 0.9.8g 19 Oct 2007
>
>
> To FreeBSD server:
> FreeBSD secure-server 6.1-RELEASE-p17 FreeBSD 6.1-RELEASE-p17 #0: Fri
> May 25 19:54:30 IST 2007
> root@secure-server:/usr/obj/usr/src/sys/SECURESRV-SMP i386
> OpenSSH_4.2p1 FreeBSD-20050903, OpenSSL 0.9.7e-p1 25 Oct 2004
>
> In my "/etc/rc.conf":
> sshd_enable="NO"
> sshd2_enable="YES"

There is no 'sshd2_enable' knob, there is only the 'sshd_enable' one.
The protocols (and other stuff) are configured in /etc/ssh/sshd_config.

> I have tried the public key in various directories, in the users home
> directory, ie.
> .ssh/authorized_keys
> .ssh/authorized_keys2
>
> .ssh2/authorized_keys
> .ssh2/authorized_keys2

This is also governed by the host's sshd_config: by default,
.ssh/authorized_keys is used:
-----
AuthorizedKeysFile .ssh/authorized_keys
-----

> Permissions are set to 700 for the .ssh(2) directories and 600 for the
> authorized_keys(2) files.

That's fine.

> User and group access are also correct, and connection from the client
> machine is also with the correct user.
> If I change to the following in my "/etc/rc.conf" file:
> sshd_enable="YES"
> sshd2_enable="NO"
>
> Restart sshd, the keys work fine, no issues, I connect 100% without
> having to type any passwords.

Yes, it is expected. Forget about sshd2_enable -- 'man sshd_config' is
your friend. And if you're trying to enable only SSHv2, then the default
configuration of OpenSSH should be fine for you -- it allows only v2 since ages.
For your 6.1 only v2 should be allowed by default, but you can explicitly
state it in /etc/ssh/sshd_config, just to be sure.
--
Eygene
# Remember that it is hard
# to read the on-line manual
# while single-stepping the kernel.
# -- FreeBSD Developers handbook
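
The checks discussed in the message above (the rc.conf knob, the effective AuthorizedKeysFile, and the permissions on the key directory and file), as an added example that is not part of the original e-mail. The function names are hypothetical, and AuthorizedKeysFile is assumed to be a single path relative to the user's home directory.

```shell
#!/bin/sh
# Added example; function names are hypothetical.
# On the server: audit_pubkey_setup /etc/rc.conf /etc/ssh/sshd_config "$HOME"

# List sshd*_enable variables in an rc.conf-style file other than sshd_enable.
unknown_sshd_knobs() {   # $1 = path to rc.conf
    sed -n 's/^[[:space:]]*\(sshd[^=[:space:]]*_enable\)=.*/\1/p' "$1" |
        grep -v '^sshd_enable$' || true
}

# Value of an sshd_config keyword: keywords are case-insensitive and the first
# uncommented occurrence wins; print $3 when the keyword is not set.
# Simplification: "Keyword=value" syntax and Match blocks are not handled.
sshd_setting() {         # $1 = sshd_config, $2 = keyword, $3 = fallback text
    val=$(awk -v k="$2" 'tolower($1) == tolower(k) {
        $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1")
    echo "${val:-$3}"
}

# True when neither group nor others may write to $1 (columns 6 and 9 of ls -l).
not_group_world_writable() {
    [ "$(ls -ld "$1" | cut -c6,9)" = "--" ]
}

# Returns 0 when nothing suspicious was found, 1 otherwise.
audit_pubkey_setup() {   # $1 = rc.conf, $2 = sshd_config, $3 = home directory
    rc=0
    for knob in $(unknown_sshd_knobs "$1"); do
        echo "rc.conf: there is no '$knob' knob, only sshd_enable"
        rc=1
    done
    echo "Protocol: $(sshd_setting "$2" Protocol 'not set (built-in default)')"
    # Fallback value is the default quoted in the message above.
    keyfile=$(sshd_setting "$2" AuthorizedKeysFile .ssh/authorized_keys)
    echo "keys are read from: $3/$keyfile"
    for p in "$3/${keyfile%/*}" "$3/$keyfile"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"; rc=1
        elif ! not_group_world_writable "$p"; then
            echo "writable by group or others: $p"; rc=1
        fi
    done
    return $rc
}
```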