Re: [suse-security] open ssh - SuSE 7.1

Many thanks This resolved the problem, and I can now access the machine via ssh. The reason the default appeared to have changed was because some months ago the config file was edited to disallow password authentication. However, the person who did that forgot to restart sshd, so the old running version still allowed password authentication! When we did the upgrade, of course, it picked up the edited file and disabled password authentication. Moral of the story: When you change the configuration file of a running deamon, alway tell it to re-read the config file! Thanks a lot for your help. This sort of thing is what makes the SUSE lists so good. alan ----- Original Message ----- From: "Steffen Dettmer" To: Sent: Monday, May 28, 2001 8:22 AM Subject: Re: [suse-security] open ssh - SuSE 7.1 * Alan Lenton wrote on Mon, May 28, 2001 at 07:27 +0100:

debug: Server refused our key. Permission denied.

I tried moving the public and private keys out of my .ssh directory, but got the same message.

You need to place the contents (a single line) in the file ~/.ssh/authorized_keys (with ~ = /root). Make sure that you have a single line. Make sure that the owners of at least .ssh and .ssh/* are correct, and check permissions (must not be writeable for others!). SSH may have written more specified messages via syslog. Check the config files /etc/ssh/sshd_config (in case of OpenSSH). Make sure you said: RhostsAuthentication no RhostsRSAAuthentication no RSAAuthentication yes PasswordAuthentication no (may have similar names, taken from ssh config, not OpenSSH).

I upgraded this end to SuSE 7.1 on the off chance that it might help, but continued to get the same response :(

Well, this don't seems like a bug but like a config issue...

I have somone trustworthy who can access the New York end to fix this, but I'm not clear why I can't get password access any more.

For testing, you may allow password auth, so you see if you get queried about password or key-passphrase. In the latter case it should work. Load ssh-agent, and try ssh -v host. If you don't get asked anythink, it should be working and you can disable password auth.

Can anyone give me an indication of how I can get password access re-enabled so I can get to the remote machine and set up secure access?

?!? It seems that I haven't understood... But take a phone, call your contact in NY, and ask to change /etc/ssh/sshd_config. The let send sshd a HUP and retry. Watch syslog. oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.