Mailinglist Archive: opensuse (1932 mails)
| < Previous | Next > |
[opensuse] SSH and DSA public keys
- From: Koenraad Lelong <k.lelong@xxxxxxxxxxxxxxxxxx>
- Date: Tue, 01 Jul 2008 11:19:31 +0200
- Message-id: <4869F6A3.5030708@xxxxxxxxxxxxxxxxxx>
Hi,
On a OpenSuse 10.3 (64bit) machine I want to configure ssh to accept only public-key logins. I have it running on a 10.1 (32bit) machine, so I copied the sshd_config and the authorized_keys to the 10.3 machine. I read the man-page of the 10.3 sshd_config to see if there were differences but I didn't find any.
I restarted sshd and tried to log on. It didn't work, so I made the log-level DEBUG3. I found that sshd seems to skip the DSA-keys. Only the RSA-keys are checked, and since the machine I try to login from had no RSA-key I could not login. I made a new RSA-key, and put it in authorized_keys, and then successfully logged on with this key.
Am I missing something ? This is my sshd_config :
SyslogFacility AUTH
LogLevel DEBUG3
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
RhostsRSAAuthentication no
PasswordAuthentication no
UsePAM no
PrintMotd yes
Subsystem sftp /usr/lib64/ssh/sftp-server
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL
IgnoreRhosts yes
IgnoreUserKnownHosts no
StrictModes yes
RSAAuthentication no
PermitRootLogin no
PermitEmptyPasswords no
Banner /etc/ssh/banner
GatewayPorts no
AllowTcpForwarding yes
LoginGraceTime 120
KeepAlive yes
Protocol 2
Thanks for any help.
P.S. I used DSA-keys because I think they are better/safer. Is this true ?
--
Met vriendelijke groeten,
Koenraad Lelong
R&D Manager
ACE electronics n.v.
begin:vcard
fn:Koenraad Lelong
n:Lelong;Koenraad
org:ACE electronics
adr:;;IZ Webbekom 2118;Diest;VlaBra;3290;Belgie
email;internet:k.lelong@xxxxxxxxxxxxxxxxxx
title:R&D Manager
tel;work:+32 13 531906
tel;fax:+32 13 531908
x-mozilla-html:FALSE
url:www.ace-electronicss.be
version:2.1
end:vcard
On a OpenSuse 10.3 (64bit) machine I want to configure ssh to accept only public-key logins. I have it running on a 10.1 (32bit) machine, so I copied the sshd_config and the authorized_keys to the 10.3 machine. I read the man-page of the 10.3 sshd_config to see if there were differences but I didn't find any.
I restarted sshd and tried to log on. It didn't work, so I made the log-level DEBUG3. I found that sshd seems to skip the DSA-keys. Only the RSA-keys are checked, and since the machine I try to login from had no RSA-key I could not login. I made a new RSA-key, and put it in authorized_keys, and then successfully logged on with this key.
Am I missing something ? This is my sshd_config :
SyslogFacility AUTH
LogLevel DEBUG3
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
RhostsRSAAuthentication no
PasswordAuthentication no
UsePAM no
PrintMotd yes
Subsystem sftp /usr/lib64/ssh/sftp-server
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL
IgnoreRhosts yes
IgnoreUserKnownHosts no
StrictModes yes
RSAAuthentication no
PermitRootLogin no
PermitEmptyPasswords no
Banner /etc/ssh/banner
GatewayPorts no
AllowTcpForwarding yes
LoginGraceTime 120
KeepAlive yes
Protocol 2
Thanks for any help.
P.S. I used DSA-keys because I think they are better/safer. Is this true ?
--
Met vriendelijke groeten,
Koenraad Lelong
R&D Manager
ACE electronics n.v.
begin:vcard
fn:Koenraad Lelong
n:Lelong;Koenraad
org:ACE electronics
adr:;;IZ Webbekom 2118;Diest;VlaBra;3290;Belgie
email;internet:k.lelong@xxxxxxxxxxxxxxxxxx
title:R&D Manager
tel;work:+32 13 531906
tel;fax:+32 13 531908
x-mozilla-html:FALSE
url:www.ace-electronicss.be
version:2.1
end:vcard
| < Previous | Next > |