[opensuse] SSH and DSA public keys
Hi,

On an OpenSuse 10.3 (64bit) machine I want to configure ssh to accept only public-key logins. I have it running on a 10.1 (32bit) machine, so I copied the sshd_config and the authorized_keys to the 10.3 machine. I read the man-page of the 10.3 sshd_config to see if there were differences but I didn't find any. I restarted sshd and tried to log on. It didn't work, so I made the log-level DEBUG3. I found that sshd seems to skip the DSA-keys. Only the RSA-keys are checked, and since the machine I try to login from had no RSA-key I could not login. I made a new RSA-key, and put it in authorized_keys, and then successfully logged on with this key.

Am I missing something? This is my sshd_config:

SyslogFacility AUTH
LogLevel DEBUG3
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
RhostsRSAAuthentication no
PasswordAuthentication no
UsePAM no
PrintMotd yes
Subsystem sftp /usr/lib64/ssh/sftp-server
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL
IgnoreRhosts yes
IgnoreUserKnownHosts no
StrictModes yes
RSAAuthentication no
PermitRootLogin no
PermitEmptyPasswords no
Banner /etc/ssh/banner
GatewayPorts no
AllowTcpForwarding yes
LoginGraceTime 120
KeepAlive yes
Protocol 2

Thanks for any help.

P.S. I used DSA-keys because I think they are better/safer. Is this true?

--
Met vriendelijke groeten,
Koenraad Lelong
R&D Manager
ACE electronics n.v.

On Tue, Jul 01, 2008 at 11:19:31AM +0200, Koenraad Lelong wrote:
> Hi,
>
> On an OpenSuse 10.3 (64bit) machine I want to configure ssh to accept only public-key logins. I have it running on a 10.1 (32bit) machine, so I copied the sshd_config and the authorized_keys to the 10.3 machine. I read the man-page of the 10.3 sshd_config to see if there were differences but I didn't find any. I restarted sshd and tried to log on. It didn't work, so I made the log-level DEBUG3. I found that sshd seems to skip the DSA-keys. Only the RSA-keys are checked, and since the machine I try to login from had no RSA-key I could not login. I made a new RSA-key, and put it in authorized_keys, and then successfully logged on with this key.
>
> Am I missing something? This is my sshd_config:
>
> SyslogFacility AUTH
> LogLevel DEBUG3
> PubkeyAuthentication yes
> AuthorizedKeysFile %h/.ssh/authorized_keys
> RhostsRSAAuthentication no
> PasswordAuthentication no
> UsePAM no
> PrintMotd yes
> Subsystem sftp /usr/lib64/ssh/sftp-server
> AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
> AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
> AcceptEnv LC_IDENTIFICATION LC_ALL
> IgnoreRhosts yes
> IgnoreUserKnownHosts no
> StrictModes yes
> RSAAuthentication no
> PermitRootLogin no
> PermitEmptyPasswords no
> Banner /etc/ssh/banner
> GatewayPorts no
> AllowTcpForwarding yes
> LoginGraceTime 120
> KeepAlive yes
> Protocol 2
>
> Thanks for any help.
>
> P.S. I used DSA-keys because I think they are better/safer. Is this true?

Try:

ssh -v user@remotehost

to see if there are problems.

Also check /var/log/messages for errors/warnings from sshd.

Ciao, Marcus

Marcus Meissner wrote:
> On Tue, Jul 01, 2008 at 11:19:31AM +0200, Koenraad Lelong wrote:
> ...
>
> Try:
>
> ssh -v user@remotehost
>
> to see if there are problems.
>
> Also check /var/log/messages for errors/warnings from sshd.
>
> Ciao, Marcus

I didn't see errors or warnings. I made a new DSA-key and with this key I can log on. It seems I really didn't have a valid key on the machine I used to log on. Where I went wrong though was the fact that sshd in debug-level shows the RSA-keys it tries, but not the DSA-keys. So, sorry for the noise.

--
Met vriendelijke groeten,
Koenraad Lelong
R&D Manager
ACE electronics n.v.
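
The check that settles a case like the one in this thread, as an added example that is not part of the original messages: it reads an authorized_keys file, lists which key types it contains, and reports whether the client's public key is actually among them. The function names are hypothetical, the sample keys are constructed placeholders with no real key material, and the fingerprint uses the SHA256 form printed by current OpenSSH.

```python
import base64, hashlib, struct

KEY_TYPES = ("ssh-dss", "ssh-rsa")  # the two key types discussed in the thread

def parse_line(line):
    """Return (key_type, blob) for one authorized_keys line, else None."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return None
    # Options such as no-pty may precede the key type; quoted options that
    # contain spaces are not handled by this simplified parser.
    for i, field in enumerate(fields[:-1]):
        if field in KEY_TYPES:
            try:
                blob = base64.b64decode(fields[i + 1], validate=True)
            except ValueError:
                return None
            if len(blob) < 4:
                return None
            # The blob begins with a length-prefixed copy of the key type.
            (n,) = struct.unpack(">I", blob[:4])
            return (field, blob) if blob[4:4 + n] == field.encode() else None
    return None

def fingerprint(blob):
    """SHA256 fingerprint in the form printed by current OpenSSH."""
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode()
    return "SHA256:" + digest.rstrip("=")

def check_client_key(authorized_text, client_pub_line):
    """Say whether the client's key is listed and which key types are."""
    client = parse_line(client_pub_line)
    entries = [e for e in map(parse_line, authorized_text.splitlines()) if e]
    return {
        "client_valid": client is not None,
        "listed": client is not None and any(b == client[1] for _, b in entries),
        "types_listed": sorted({t for t, _ in entries}),
        "fingerprint": fingerprint(client[1]) if client else None,
    }

def sample_key(key_type, seed):
    """Constructed placeholder: correct framing, meaningless key material."""
    name = key_type.encode()
    blob = struct.pack(">I", len(name)) + name + hashlib.sha256(seed).digest()
    return f"{key_type} {base64.b64encode(blob).decode()} constructed-{seed.decode()}"

# Constructed authorized_keys: one RSA entry and an old DSA entry with an option.
AUTHORIZED = "\n".join(["# sample file", sample_key("ssh-rsa", b"rsa"),
                        "no-pty " + sample_key("ssh-dss", b"old-dsa")])

if __name__ == "__main__":
    for seed in (b"old-dsa", b"new-dsa"):
        print(seed.decode(), check_client_key(AUTHORIZED, sample_key("ssh-dss", seed)))
```

A result with `ssh-dss` in `types_listed` but `listed` false means the server file does hold DSA entries and the client is simply offering a different key.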