Date: Mon, 22 Dec 2008 11:58:56 +0300
From: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
To: Corne Kotze <cornek@striata.com>
Cc: freebsd-hackers@freebsd.org
Subject: Re: SSH Problem
Message-ID: <dnoAcoCUUpmRgsgANBLPZChMEB8@TVy1gMAmSsiP9GTg//ziIjLy%2Bsk>
In-Reply-To: <1229934159.8928.20.camel@jackal>
References: <1229934159.8928.20.camel@jackal>

Corne, good day.

Mon, Dec 22, 2008 at 10:22:39AM +0200, Corne Kotze wrote:
> The issue I have, hope somebody can help me, is with ssh security keys,
> no matter if I use RSA or DSA keys with or without passwords, I still
> have to login with a password to my FreeBSD server.
> It is between a Linux server(Client server) and my FreeBSD server.
>
> My setups are as follows:
>
> From client server:
> Linux nagios-server 2.6.23-hardened-r4 #1 SMP
> OpenSSH_4.7p1, OpenSSL 0.9.8g 19 Oct 2007
>
>
> To FreeBSD server:
> FreeBSD secure-server 6.1-RELEASE-p17 FreeBSD 6.1-RELEASE-p17 #0: Fri
> May 25 19:54:30 IST 2007
> root@secure-server:/usr/obj/usr/src/sys/SECURESRV-SMP i386
> OpenSSH_4.2p1 FreeBSD-20050903, OpenSSL 0.9.7e-p1 25 Oct 2004
>
> In my "/etc/rc.conf":
> sshd_enable="NO"
> sshd2_enable="YES"

There is no 'sshd2_enable' knob, there is only the 'sshd_enable' one.
The protocols (and other stuff) are configured in /etc/ssh/sshd_config.

> I have tried the public key in various directories, in the users home
> directory, ie.
> .ssh/authorized_keys
> .ssh/authorized_keys2
>
> .ssh2/authorized_keys
> .ssh2/authorized_keys2

This is also governed by the host's sshd_config: by default,
.ssh/authorized_keys is used:
-----
AuthorizedKeysFile .ssh/authorized_keys
-----

> Permissions are set to 700 for the .ssh(2) directories and 600 for the
> authorized_keys(2) files.

That's fine.

> User and group access are also correct, and connection from the client
> machine is also with the correct user.
> If I change to the following in my "/etc/rc.conf" file:
> sshd_enable="YES"
> sshd2_enable="NO"
>
> Restart sshd, the keys work fine, no issues, I connect 100% without
> having to type any passwords.

Yes, it is expected. Forget about sshd2_enable -- 'man sshd_config'
is your friend.

And if you're trying to enable only SSHv2, then the default
configuration of OpenSSH should be fine for you -- it has allowed only v2
for ages. For your 6.1 only v2 should be allowed by default, but you can
explicitly state it in /etc/ssh/sshd_config, just to be sure.
--
Eygene
 _                ___       _.--.   #
 \`.|\..----...-'`   `-._.-'_.-'`   #  Remember that it is hard
 /  ' `         ,       __.--'      #  to read the on-line manual
 )/' _/     \   `-_,   /            #  while single-stepping the kernel.
 `-'" `"\_  ,_.-;_.-\_ ',  fsc/as   #
     _.-'_./   {_.'   ; /           #    -- FreeBSD Developers handbook
    {_.-``-'         {_/            #
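
Added example, not part of the original message: a small POSIX sh audit of the three things the thread turns on (which rc.conf variables are set, which AuthorizedKeysFile sshd_config names, and the 700/600 modes). The function names are hypothetical, and it assumes AuthorizedKeysFile holds a single path relative to the user's home directory.

```sh
#!/bin/sh
# Usage: sh audit.sh RC_CONF SSHD_CONFIG HOME_DIR   (copies of the files work too)

# Value sshd uses for KEYWORD: names are case-insensitive and the first
# occurrence wins; stop at the first Match block; print DEFAULT if unset.
sshd_opt() {  # sshd_opt FILE KEYWORD DEFAULT
    awk -v k="$2" -v d="$3" '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(k) { $1 = ""; sub(/^[ \t]+/, ""); print; hit = 1; exit }
        END { if (!hit) print d }' "$1"
}

# rc.conf variables shaped like sshd*_enable other than sshd_enable, the
# only one the base system's sshd startup script reads.
other_sshd_knobs() {  # other_sshd_knobs RC_CONF
    awk -F= '/^[ \t]*sshd[A-Za-z0-9_]*_enable=/ {
        gsub(/[ \t]/, "", $1); if ($1 != "sshd_enable") print $1 }' "$1"
}

# True if PATH exists and grants nothing to group or others (as with the
# 700 / 600 modes in the thread); the mode string is read from ls.
private_mode() {  # private_mode PATH
    [ -e "$1" ] || return 1
    case "$(ls -ld "$1" | cut -c1-10)" in
        ????------) return 0 ;;
        *) return 1 ;;
    esac
}

# Run all three checks; returns non-zero if anything was reported.
# Assumption: AuthorizedKeysFile is one path relative to HOME_DIR (no %h, %u).
audit_pubkey_setup() {  # audit_pubkey_setup RC_CONF SSHD_CONFIG HOME_DIR
    a_rc=0
    for a_knob in $(other_sshd_knobs "$1"); do
        echo "rc.conf: $a_knob is not read by the base sshd startup script"; a_rc=1
    done
    a_key=$(sshd_opt "$2" AuthorizedKeysFile .ssh/authorized_keys)
    echo "sshd_config: AuthorizedKeysFile=$a_key Protocol=$(sshd_opt "$2" Protocol '(not set)')"
    for a_p in "$3/${a_key%/*}" "$3/$a_key"; do
        private_mode "$a_p" || { echo "modes: $a_p is missing or open to group/others"; a_rc=1; }
    done
    return $a_rc
}

if [ "$#" -eq 3 ]; then audit_pubkey_setup "$@"; fi
```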