Date: Sat, 5 Mar 2005 15:40:31 -0500
From: "Brent" <mrb@bmyster.com>
To: "greg@grokking.org" <greg@grokking.org>, freebsd-questions@freebsd.org
Subject: Re: help configuring ssh pub keys instead of passwords
Message-ID: <20050305204003.M42739@bmyster.com>
In-Reply-To: <422A06B7.9060007@grokking.org>
References: <20050305181134.M99248@bmyster.com> <422A06B7.9060007@grokking.org>

Thank you ...that worked ...

B

On Sat, 05 Mar 2005 14:21:27 -0500, greg@grokking.org wrote
> > so far i have done
> >
> > edit /etc/sshd_config
> >
> > Port 22
> > Protocol 2
> > PermitRootLogin no
> > MaxStartups 5:50:10
> > X11Forwarding no
> > PrintLastLog yes
> > SyslogFacility auth
> > LogLevel VERBOSE
> > PasswordAuthentication no
> > PermitEmptyPasswords no
> > Banner /etc/issue
> > AllowGroups sshusers <-- this exists
> >
> > # create some group that you can put OpenSSH users into
> > Next, we'll open and edit /etc/ssh/ssh_config
> >
> > [user@server /dir]#vi /etc/ssh/ssh_config
> >
> > ForwardAgent no
> > ForwardX11 no
> > PasswordAuthentication no
> > CheckHostIP yes
> > Port 22
> > Protocol 2
> >
> > then i su to unpriv user and ran ssh-keygen -d
> >
> > then i did
> > cat id_dsa.pub > authorized_keys2
>
> make sure you have a line in /etc/ssh/sshd_config that points to
> this, like so:
>
> AuthorizedKeysFile .ssh/authorized_keys2
>
> If it's commented out that's okay (default) just make sure it's the
> same filename you've used!
>
> (Incidentally, on my 5.3 box it's set as .ssh/authorized_keys)
>
> >
> > then copy the id_dsa.pub to a floppy so that i could transfer the dsa key to
> > the machine from which i'd be accessing the unix box.
> >
>
> No, you need to put the PRIVATE key (id_dsa by default) on the
> client machines in the .ssh directory under each user's home dir.
> The PUBLIC key stays on the server in authorized_keys as you've done
> above. Make sure this key and the directory it's in is accessible
> only by the user you want.
>
> Hope that helps,
>
> G
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"

--
Brent Bailey CCNA
Bmyster LLC
Computer Networking and Webhosting
Network Engineer, Webmaster, President
http://www.bmyster.com
mrb@bmyster.com
207-490-5992
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050305204003.M42739>
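
An added example, not part of the original message or of OpenSSH: a POSIX sh check for the two points raised in the quoted reply, that the key file name matches AuthorizedKeysFile in sshd_config and that the .ssh directory and key file are accessible only by their owner. The function names and the caller-supplied default value are assumptions of this example, and %h/%u tokens in the setting are not expanded.

```shell
#!/bin/sh
# Added example, not from the thread. Checks the two points in the reply:
# the key file name matches AuthorizedKeysFile, and only the owner has access.

# Print the AuthorizedKeysFile value in effect: the first uncommented
# occurrence, else the default supplied by the caller (an assumption,
# since the built-in default depends on the OpenSSH version).
authkeys_setting() {  # $1 = sshd_config path, $2 = default value
    v=$(awk 'tolower($1) == "authorizedkeysfile" {
                 $1 = ""; sub(/^ +/, ""); print; exit }' "$1")
    printf '%s\n' "${v:-$2}"
}

# True only if the path exists and has no group/other permission bits.
# Parses the ls mode string so it works with both BSD and GNU userlands.
owner_only() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# Check one account; prints findings and returns non-zero on any problem.
check_pubkey_setup() {  # $1 = sshd_config, $2 = home dir, $3 = default
    rc=0
    found=0
    owner_only "$2/.ssh" || { echo "PERM    $2/.ssh"; rc=1; }
    for f in $(authkeys_setting "$1" "$3"); do
        case $f in
            /*) p=$f ;;        # absolute path in the config
            *)  p=$2/$f ;;     # relative to the user's home directory
        esac
        [ -f "$p" ] || continue
        found=1
        owner_only "$p" || { echo "PERM    $p"; rc=1; }
    done
    [ "$found" -eq 1 ] || { echo "MISSING no file named by AuthorizedKeysFile in $2"; rc=1; }
    return "$rc"
}
```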