Just to test it out I tried using pubkey the other way round. Before I was
trying from box 1 to 2, now I have tried 2 to 1 and it works OK! :***, but I
need it the other way round. But it's so strange, I don't understand. I have
reviewed all the config files, ssh_config, sshd_config and /etc/pam.d/ssh, and
the only difference is that sshd_config on machine 2 has #protocol 2 only,
but that should make no difference because when I connect from 2 to 1 I use
protocol 2 to connect with no problems, so the mystery continues....
25036: debug1: authentications that can continue: publickey,password
25036: debug1: next auth method to try is publickey
25036: debug1: try privkey: /interfaces_mqgp/.ssh/identity
25036: debug1: try pubkey: /interfaces_mqgp/.ssh/id_rsa
25036: debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey 0x8hint 1
25036: debug1: read PEM private key done: type RSA
25036: debug1: ssh-userauth2 successful: method publickey
25036: debug1: channel 0: new [client-session]
It worked! But the other way round ;D
Thanks for your help.
On 04/03/06, Allister
On Friday 03 March 2006 10:47, daniel parkes wrote:
My point is, where can you block sshd pubkey auth in the system so it doesn't work? I have it working on my servers but I can't make it work on other servers that are not mine, and I would like to know where they are blocking me so that I can't use it.
And the other question was, is there another way to copy files from one box to another without having to type the password, not using nfs, samba?
Yes, samba and nfs can be used to copy files from a local box to a remote server (serving nfs or samba shares). Authentication is done on startup for nfs shares, which if I remember rightly is done when file shares are mounted via fstab; passwords can be specified there. Samba can also be used and authentication can be set up via local login passwords, but of course it will depend on what OS the client uses as to the samba share setup. All of which will be made more difficult if the servers concerned are not under your control.

Having said that, it should be possible to set up an ssh login for your client machine. You are using protocol version 1, rsa based pubkey authentication. Your server should have the following declarations in /etc/ssh/sshd_config:
--------------------------------------------------------------------------------
# or whatever port your server is set up to listen on
Port 22
# try protocol 1 first
Protocol 1,2
# whatever the IP address that your server should be set up to listen on
ListenAddress xx.xx.xx.xx
# as you are using protocol version 1
HostKey /etc/ssh/ssh_host_key
# assuming that you have some method to view the log
LogLevel VERBOSE
# as you want to use pubkey (is no by default)
RSAAuthentication no
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
# again as you want to use pubkey
PasswordAuthentication no
# see above
ChallengeResponseAuthentication no
UsePAM no
# another method of file copying between boxes
Subsystem sftp /usr/lib/ssh/sftp-server
# All other declarations should be at default values
-------------------------------------------------------------------------------
You have created your keypair on your client; your private key resides in ~/.ssh/identity, which should be readable by the user but NOT accessible by any others (read/write/execute). SSH will ignore keys which are accessible by others. The user on your client has an account on the server with the same name as on the client. You have copied the public part of the key to the server and placed it in your client's (home) directory under ~/.ssh/authorized_keys and chowned that file root:root with perms of maximum 600/0/0 (rwx/---/---). Restart the sshd server (rcsshd restart) on the remote machine and use the following command to copy a file using pubkey authentication (-v for verbose output), assuming that you are logged in on the client machine as the user for whom the public keypair was earlier created:
scp -v filetobecopied <ip address or name of remote server>:/location/to/be/copied/to/filetobecopied
All the above works on SuSE 10.0.
HTH
Allister
--
Public Key to be found at www.keyserver.net. Search for tag@ukfsn
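The places this thread names where pubkey authentication can be refused (the sshd_config directives, the authorized_keys file and the private key's permissions), collected into one shell audit. This is an added example, not part of the original messages; the function names, the constructed fixture and the extra StrictModes check on directory and file write bits are assumptions of this sketch.

```shell
# Added example, not from the thread. Paths and fixture values are constructed.
# Effective sshd_config value: keywords are case-insensitive, '#' lines are
# comments, the first occurrence wins. $3 is the default to assume if unset.
sshd_setting() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print def }' "$1"
}

# Mode string such as "-rw-------"; ls avoids GNU/BSD stat differences.
mode_of() { ls -ld "$1" 2>/dev/null | cut -c1-10; }
# Client side: ssh ignores a private key that group or others can access.
key_is_private() { [ "$(mode_of "$1" | cut -c5-10)" = "------" ]; }
# Server side (StrictModes): group or world write permission is refused.
not_shared_writable() {
    case "$(mode_of "$1")" in ?????w*|????????w*) return 1 ;; esac
}
flag() { echo "$1"; bad=1; }

# $1 sshd_config, $2 account home on the server, $3 private key on the client.
# Prints one finding per line; returns 0 only if nothing blocks pubkey auth.
audit_pubkey() {
    cfg=$1 home=$2 key=$3 bad=0
    [ "$(sshd_setting "$cfg" PubkeyAuthentication yes)" = yes ] ||
        flag "server: PubkeyAuthentication is not yes"
    akf=$(sshd_setting "$cfg" AuthorizedKeysFile .ssh/authorized_keys)
    case $akf in /*) ;; *) akf=$home/${akf#"%h/"} ;; esac
    [ -f "$akf" ] || flag "server: $akf missing"
    if [ "$(sshd_setting "$cfg" StrictModes yes)" = yes ]; then
        for p in "$home" "$(dirname "$akf")" "$akf"; do
            not_shared_writable "$p" || flag "server: $p is group/world writable"
        done
    fi
    key_is_private "$key" || flag "client: $key missing or open to group/others"
    return $bad
}

# Constructed fixture; $1 is the mode to give authorized_keys.
demo() {
    d=$(mktemp -d) && mkdir -p "$d/home/.ssh" "$d/client"
    printf '%s\n' '#PubkeyAuthentication no' 'PubkeyAuthentication yes' \
        'AuthorizedKeysFile %h/.ssh/authorized_keys' > "$d/sshd_config"
    : > "$d/home/.ssh/authorized_keys"; : > "$d/client/id_rsa"
    chmod 755 "$d/home"; chmod 700 "$d/home/.ssh"; chmod 600 "$d/client/id_rsa"
    chmod "$1" "$d/home/.ssh/authorized_keys"
    audit_pubkey "$d/sshd_config" "$d/home" "$d/client/id_rsa" && rc=0 || rc=$?
    rm -rf "$d"; return $rc
}
demo 664 || true
```

On a server you do not administer, only the client-side check can be run locally; the server-side findings need someone with read access to its sshd_config and the account's home directory.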