Mailinglist Archive: opensuse (1932 mails)

[Marcus Meissner <meissner@xxxxxxx>]

On Tue, Jul 01, 2008 at 11:19:31AM +0200, Koenraad Lelong wrote:
> Hi,
> On a OpenSuse 10.3 (64bit) machine I want to configure ssh to accept 
> only public-key logins. I have it running on a 10.1 (32bit) machine, so 
> I copied the sshd_config and the authorized_keys to the 10.3 machine. I 
> read the man-page of the 10.3 sshd_config to see if there were 
> differences but I didn't find any.
> I restarted sshd and tried to log on. It didn't work, so I made the 
> log-level DEBUG3. I found that sshd seems to skip the DSA-keys. Only the 
> RSA-keys are checked, and since the machine I try to login from had no 
> RSA-key I could not login. I made a new RSA-key, and put it in 
> authorized_keys, and then successfully logged on with this key.
>
> Am I missing something ? This is my sshd_config :
>
> SyslogFacility AUTH
> LogLevel DEBUG3
> PubkeyAuthentication yes
> AuthorizedKeysFile    %h/.ssh/authorized_keys
> RhostsRSAAuthentication no
> PasswordAuthentication no
> UsePAM no
> PrintMotd yes
> Subsystem     sftp    /usr/lib64/ssh/sftp-server
> AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY 
> LC_MESSAGES
> AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
> AcceptEnv LC_IDENTIFICATION LC_ALL
> IgnoreRhosts yes
> IgnoreUserKnownHosts no
> StrictModes yes
> RSAAuthentication no
> PermitRootLogin no
> PermitEmptyPasswords no
> Banner /etc/ssh/banner
> GatewayPorts no
> AllowTcpForwarding yes
> LoginGraceTime 120
> KeepAlive yes
> Protocol 2
>
> Thanks for any help.
> P.S. I used DSA-keys because I think they are better/safer. Is this true ?

Try:

ssh -v user@remotehost

to see if there are problems.

Also check /var/log/messages for errors/warnings from sshd.

Ciao, Marcus
-- 
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx