Date: Fri, 7 Jul 2000 22:11:34 +1000 From: Nick Slager <nicks@albury.net.au> To: cjclark@alum.mit.edu Cc: questions@FreeBSD.ORG Subject: Re: Root logins with ssh Message-ID: <20000707221134.A57699@albury.net.au> In-Reply-To: <20000707001038.G682@dialin-client.earthlink.net>; from cristjc@earthlink.net on Fri, Jul 07, 2000 at 12:10:39AM -0700 References: <20000707161827.A51081@albury.net.au> <20000707001038.G682@dialin-client.earthlink.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Thus spake Crist J. Clark (cristjc@earthlink.net): > On Fri, Jul 07, 2000 at 04:18:28PM +1000, Nick Slager wrote: > > Has anyone managed to do this? Pointers appreciated. > > Never done it with DSA keys. Done it with RSA keys. > > 1) Make a private/public keypair with no passphrase using > ssh-keygen on the client. > > 2) Put the public key in /root/.ssh/authorized_keys[0] on server. > > 3) You now can ssh into the server from the client. This is essentially what I had done (with DSA keys). I've generated RSA keys and tried the same, but it still prompts me for a password. Running sshd -d on the server during the connection attempt gives: debug: Server will not fork when running in debugging mode. Connection from myserver.com port 953 Connection from xxx.xx.xxx.xx port 953 debug: Client protocol version 1.5; client software version OpenSSH-2.1 debug: Local version string SSH-1.99-OpenSSH-2.1 debug: Sent 768 bit public key and 1024 bit host key. debug: Encryption type: 3des debug: Received session key; encryption turned on. debug: Installing crc compensation attack detector. debug: Attempting authentication for root. ROOT LOGIN REFUSED FROM myserver.com ROOT LOGIN as 'root' from myserver.com Failed rsa for ROOT from xxx.xx.xxx.xx port 953 It appears the root login attempt has been refused even before authentication has been attempted. Of course, it could also be a misconfiguration on my part :-) Here's my sshd_config: Port 22 #Protocol 2,1 ListenAddress 0.0.0.0 #ListenAddress :: HostKey /etc/ssh/ssh_host_key ServerKeyBits 768 LoginGraceTime 60 KeyRegenerationInterval 3600 PermitRootLogin no IgnoreRhosts yes StrictModes yes X11Forwarding no X11DisplayOffset 10 PrintMotd yes KeepAlive yes SyslogFacility AUTH LogLevel INFO RhostsAuthentication no RhostsRSAAuthentication no RSAAuthentication yes DSAAuthentication yes PasswordAuthentication yes PermitEmptyPasswords no CheckMail no UseLogin no Any further thoughts appreciated. Nick. -- From a Sun Microsystems bug report (#4102680): "Workaround: don't pound on the mouse like a wild monkey." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000707221134.A57699>