Mailinglist Archive: opensuse (3100 mails)
Re: [SLE] Problems with sshd and pub keys
- From: "daniel parkes" <liquidsmail@xxxxxxxxx>
- Date: Tue, 7 Mar 2006 09:35:44 +0100
- Message-id: <bda4ad5f0603070035m3d251780y@xxxxxxxxxxxxxx>
just to test out i tried out using pubkey the other way round, before i was
trying from box 1 to 2 now i have tried 2 to 1 and it works ok! :***, but i
need it the other way round, but it's so strange i don't understand, i have
reviewed all the config files ssh_config, sshd_config and /etc/pam.d/ssh and
the only difference is in sshd_config in machine 2 it has #protocol 2 only,
but that should make no difference because when i connect from 2 to 1 i use
protocol 2 to connect with no probs, so the mystery continues....
25036: debug1: authentications that can continue: publickey,password
25036: debug1: next auth method to try is publickey
25036: debug1: try privkey: /interfaces_mqgp/.ssh/identity
25036: debug1: try pubkey: /interfaces_mqgp/.ssh/id_rsa
25036: debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey 0x8hint 1
25036: debug1: read PEM private key done: type RSA
25036: debug1: ssh-userauth2 successful: method publickey
25036: debug1: channel 0: new [client-session]
it Worked! but the other way round ;D
Thnx for your help.
On 04/03/06, Allister <lists@xxxxxxxxxxxxx> wrote:
>
> On Friday 03 March 2006 10:47, daniel parkes wrote:
> > My point is where can u block sshd pub key auth in the system so it
> > doesn't work, because i have it working in my servers but i can't make
> > it work in other servers that are not mine and i would like to know
> > where are they blocking me, so i can't use it,
> >
> > And the other question was is there another way to copy file from one
> > box to another without having to type the password, not using
> > nfs,samba???
>
> Yes samba can be used and nfs to copy files from a local box to a remote
> server (serving nfs or samba shares). Authentication is done on startup
> in nfs shares which if I remember rightly is done when file shares are
> mounted via fstab, passwords can be specified there. Samba can also be
> used and authentication can be set up via local login passwords, but of
> course it will depend on what OS the client uses as to the samba share
> setup. All of which will be made more difficult if the servers concerned
> are not under your control.
> Having said that it should be possible to set up an ssh login for your
> client machine. You are using protocol version 1, rsa based pubkey
> authentication.
> Your server should have the following declarations in
> /etc/ssh/sshd_config;
>
> --------------------------------------------------------------------------------
> # or whatever port your server is set up to listen on
> Port 22
> # try protocol 1 first
> Protocol 1,2
> # whatever the ip address that your server should be set up to listen on
> ListenAddress xx.xx.xx.xx
> # as you are using protocol version 1
> HostKey /etc/ssh/ssh_host_key
>
> # assuming that you have some method to view the log
> LogLevel VERBOSE
> # as you want to use pubkey (is no by default)
> RSAAuthentication no
> PubkeyAuthentication yes
> AuthorizedKeysFile %h/.ssh/authorized_keys
>
> # again as you want to use pubkey
> PasswordAuthentication no
> # see above
> ChallengeResponseAuthentication no
>
> UsePAM no
>
> # another method of file copying between boxes
> Subsystem sftp /usr/lib/ssh/sftp-server
>
> # All other declarations should be at default values
>
> -------------------------------------------------------------------------------
> You have created your keypair on your client, your private key resides in
> ~/.ssh/identity which should be readable by the user but NOT accessible by
> any others (read/write/execute). SSH will ignore keys which are accessible
> by others. The user on your client has an account on the server with the
> same name as on the client. You have copied the public part of the key to
> the server and placed it in your client's (home) directory under
> ~/.ssh/authorized_keys and chowned that file root:root with perms of
> maximum 600/0/0 (rwx/---/---).
> Restart the sshd server (rcsshd restart) on the remote machine and use the
> following command to copy a file using pubkey authentication (-v for
> verbose output), assuming that you are logged in on the client machine as
> the user for whom the public keypair was earlier created;
>
> scp -v filetobecopied <ip address or name of remote server>:/location/to/be/copied/to/filetobecopied
>
> All the above works on SuSE 10.0.
> HTH
> Allister
>
> --
>
> Public Key to be found at www.keyserver.net.
> Search for tag@ukfsn
>
>
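The places this thread points at where public-key login can be blocked (the server's sshd_config directives, write permissions on the home directory, ~/.ssh and authorized_keys, and private-key permissions on the client), gathered into one audit script. This is an added example, not part of the original mails; the function names are made up here, and `.ssh/authorized_keys` is assumed as the default when `AuthorizedKeysFile` is not set.

```shell
#!/bin/sh
# Added example: audit the usual places where sshd public-key auth gets blocked.
# Run it on the server for the config and authorized_keys checks, on the client for the key checks.

# Print the effective value of an sshd_config keyword: first match wins,
# keywords are case-insensitive, lines starting with '#' never match.
sshd_opt() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# sshd StrictModes-style check: path must not be group- or world-writable.
not_group_world_writable() {
    [ "$(ls -ld "$1" | cut -c6,9)" = "--" ]
}

# Client-side check: a private key must grant nothing to group or others.
private_to_owner() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# audit_pubkey SSHD_CONFIG HOME_DIR -> one finding per line, nothing if clean.
audit_pubkey() {
    cfg=$1 home=$2
    [ "$(sshd_opt "$cfg" PubkeyAuthentication | tr 'A-Z' 'a-z')" = "no" ] &&
        echo "config: PubkeyAuthentication is no"
    akf=$(sshd_opt "$cfg" AuthorizedKeysFile)
    akf=${akf:-.ssh/authorized_keys}   # assumed default when unset
    # Expand %h; a relative path is taken relative to the home directory.
    case $akf in
        %h/*) akf=$home/${akf#"%h/"} ;;
        /*) ;;
        *) akf=$home/$akf ;;
    esac
    [ -f "$akf" ] || echo "missing: $akf"
    for p in "$home" "$home/.ssh" "$akf"; do
        [ -e "$p" ] && ! not_group_world_writable "$p" &&
            echo "writable by group/other: $p"
    done
    for k in "$home/.ssh/identity" "$home/.ssh/id_rsa"; do
        [ -f "$k" ] && ! private_to_owner "$k" &&
            echo "private key too open: $k"
    done
    return 0
}

if [ $# -eq 2 ]; then audit_pubkey "$1" "$2"; fi
```

On a server you do not control, reading sshd_config may itself be denied; the permission checks on your own home directory still apply.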