On Tue, Jul 01, 2008 at 11:19:31AM +0200, Koenraad Lelong wrote:
Hi, On a OpenSuse 10.3 (64bit) machine I want to configure ssh to accept only public-key logins. I have it running on a 10.1 (32bit) machine, so I copied the sshd_config and the authorized_keys to the 10.3 machine. I read the man-page of the 10.3 sshd_config to see if there were differences but I didn't find any. I restarted sshd and tried to log on. It didn't work, so I made the log-level DEBUG3. I found that sshd seems to skip the DSA-keys. Only the RSA-keys are checked, and since the machine I try to login from had no RSA-key I could not login. I made a new RSA-key, and put it in authorized_keys, and then successfully logged on with this key.
Am I missing something ? This is my sshd_config :
SyslogFacility AUTH LogLevel DEBUG3 PubkeyAuthentication yes AuthorizedKeysFile %h/.ssh/authorized_keys RhostsRSAAuthentication no PasswordAuthentication no UsePAM no PrintMotd yes Subsystem sftp /usr/lib64/ssh/sftp-server AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT AcceptEnv LC_IDENTIFICATION LC_ALL IgnoreRhosts yes IgnoreUserKnownHosts no StrictModes yes RSAAuthentication no PermitRootLogin no PermitEmptyPasswords no Banner /etc/ssh/banner GatewayPorts no AllowTcpForwarding yes LoginGraceTime 120 KeepAlive yes Protocol 2
Thanks for any help. P.S. I used DSA-keys because I think they are better/safer. Is this true ?
Try: ssh -v user@remotehost to see if there are problems. Also check /var/log/messages for errors/warnings from sshd. Ciao, Marcus -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org