Date: Mon, 22 Dec 2008 11:22:07 +0200 From: Corne Kotze <cornek@striata.com> To: rea-fbsd@codelabs.ru Cc: freebsd-hackers@freebsd.org Subject: Re: SSH Problem Message-ID: <1229937727.8928.24.camel@jackal> In-Reply-To: <dnoAcoCUUpmRgsgANBLPZChMEB8@TVy1gMAmSsiP9GTg//ziIjLy%2Bsk> References: <1229934159.8928.20.camel@jackal> <dnoAcoCUUpmRgsgANBLPZChMEB8@TVy1gMAmSsiP9GTg//ziIjLy%2Bsk>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Eygene, Thank for the reply. Sorry for the ignorance, but I should have added this as well. I am running apart from other things, a secure ftp server on this box as well that chroot the users to their home directories. I got the setup information from the following link: http://www.bsdguides.org/guides/freebsd/security/sftp_chroot_users.php Setting the "rc.conf" file to: sshd_enable="YES" sshd2_enable="NO" Then my sftp setup does not work properly, unless I am missing something that I can set in the "/etc/ssh/sshd_config" file. Thanks again. CK On Mon, 2008-12-22 at 11:58 +0300, Eygene Ryabinkin wrote: > Corne, good day. > > Mon, Dec 22, 2008 at 10:22:39AM +0200, Corne Kotze wrote: > > The issue I have, hope somebody can help me, is with ssh security keys, > > no matter if I use RSA or DSA keys with or without passwords, I still > > have to login with a password to my FreeBSD server. > > It is between a Linux server(Client server) and my FreeBSD server. > > > > My setups are as follows: > > >From client server: > > Linux nagios-server 2.6.23-hardened-r4 #1 SMP > > OpenSSH_4.7p1, OpenSSL 0.9.8g 19 Oct 2007 > > > > > > To FreeBSD server: > > FreeBSD secure-server 6.1-RELEASE-p17 FreeBSD 6.1-RELEASE-p17 #0: Fri > > May 25 19:54:30 IST 2007 > > root@secure-server:/usr/obj/usr/src/sys/SECURESRV-SMP i386 > > OpenSSH_4.2p1 FreeBSD-20050903, OpenSSL 0.9.7e-p1 25 Oct 2004 > > > > In my "/etc/rc.conf": > > sshd_enable="NO" > > sshd2_enable="YES" > > There is no 'sshd2_enable' knob, there is only 'sshd_enable' one. > The protocols (and other stuff) are configured in /etc/ssh/sshd_config. > > > I have tried the public key in various directories, in the users home > > directory, ie. > > .ssh/authorized_keys > > .ssh/authorized_keys2 > > > > .ssh2/authorized_keys > > .ssh2/authorized_keys2 > > This is also governed by host's sshd_config: by-default, .ssh/authorized_keys > are used: > ----- > AuthorizedKeysFile .ssh/authorized_keys > ----- > > > Permissions are set to 700 for the .ssh(2) directories and 600 for the > > authorized_keys(2) files. > > That's fine. > > > User and group access are also correct, and connection from the client > > machine is also with the correct user. > > > If I change to the following in my "/etc/rc.conf" file: > > sshd_enable="YES" > > sshd2_enable="NO" > > > > Restart sshd, the keys work fine, no issues, I connect 100% without > > having to type any passwords. > > Yes, it is expected. Forget about sshd2_enable -- 'man sshd_config' is > your friend. And if you're trying to enable only SSHv2, then the > default configuration of OpenSSH should be fine to you -- it allows only > v2 since ages. For your 6.1 only v2 should allowed by-default, but you > can explicitely state it in /etc/ssh/sshd_config, just to be sure. Corne Kotze Systems Administrator Striata messaging innovation E: corne.kotze@za.striata.com T: +27 11 530 9600 F: +27 11 447 9122 This email and all contents are subject to the following disclaimer: http://www.striata.com/_disclaimer/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1229937727.8928.24.camel>